Analysis Summary

CVE-2024-43460 CVSS:8.1

Microsoft Dynamics 365 Business Central could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authorization. An attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-38183 CVSS:8.8

Microsoft GroupMe could allow a remote attacker to gain elevated privileges on the system, caused by improper access control. By persuading a victim to click on a specially crafted link, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38222 CVSS:6.5

Microsoft Edge (Chromium-based) could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-45383 CVSS:5

Microsoft High Definition Audio Bus Driver is vulnerable to a denial of service, caused by the improper handling of IRP requests by the HDAudBus_DMA interface. By executing a specially crafted application to issue multiple IRP Complete requests, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

Impact

• Denial of Service
• Privilege Escalation
• Information Disclosur

Indicators of Compromise

CVE

• CVE-2024-43460
• CVE-2024-38183
• CVE-2024-38222
• CVE-2024-45383

Affected Vendors

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2024-43460

CVE-2024-38183

CVE-2024-38222

CVE-2024-45383