
Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-26186 CVSS:8.8

Microsoft SQL Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Native Scoring component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43487 CVSS:6.5

Microsoft Windows could allow a remote attacker to bypass security restrictions. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to bypass a security feature and impact integrity.

CVE-2024-38045 CVSS:8.1

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the TCP/IP component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38248 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Storage component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38234 CVSS:6.5

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Networking component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-43454 CVSS:7.1

Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Remote Desktop Licensing Service component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43479 CVSS:8.5

Microsoft Power Automate Desktop could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-37965 CVSS:8.8

Microsoft SQL Server could allow a remote authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-43475 CVSS:7.3

Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Admin Center component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.

CVE-2024-21416 CVSS:8.1

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the TCP/IP component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-30073 CVSS:7.8

Microsoft Windows could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass a security feature and impact confidentiality, integrity and availability.

CVE-2024-43495 CVSS:7.3

Microsoft could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the libarchive component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43464 CVSS:7.2

Microsoft SharePoint Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38225 CVSS:8.8

Microsoft Dynamics 365 Business Central could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-43492 CVSS:7.8

Microsoft AutoUpdate (MAU) could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Impact

  • Denial of Service
  • Security Bypass
  • Code Execution
  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-26186
  • CVE-2024-43487
  • CVE-2024-38045
  • CVE-2024-38248
  • CVE-2024-38234
  • CVE-2024-43454
  • CVE-2024-43479
  • CVE-2024-37965
  • CVE-2024-43475
  • CVE-2024-21416
  • CVE-2024-30073
  • CVE-2024-43495
  • CVE-2024-43464
  • CVE-2024-38225
  • CVE-2024-43492

Affected Vendors

Microsoft

Affected Products

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft Windows Server 2022
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft ODBC Driver 17 for SQL Server
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Microsoft Dynamics 365 Business Central 2023 Release Wave 2
  • Microsoft Windows 10 Version 1809 - 10.0.0
  • Microsoft Windows 10 Version 21H2 - 10.0.0
  • Microsoft Windows 11 version 21H2 - 10.0.0
  • Microsoft Windows 11 version 22H2 - 10.0.0
  • Microsoft Windows Server 2019 - 10.0.0
  • Microsoft Windows 11 Version 24H2 - 10.0.0
  • Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
  • Microsoft Windows Server 2022 - 10.0.0
  • Microsoft SQL Server 2017 (GDR) - 14.0.0
  • Microsoft SQL Server 2019 (GDR) - 15.0.0
  • Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) - 6.0.0
  • Microsoft SharePoint Enterprise Server 2016 - 16.0.0
  • Microsoft SharePoint Server 2019 - 16.0.0
  • Microsoft SharePoint Server Subscription Edition - 16.0.0
  • Microsoft SQL Server 2017 (CU 31) - 14.0.0
  • Microsoft SQL Server 2022 (GDR) - 16.0.0
  • Microsoft Dynamics 365 Business Central 2023 Release Wave 1 - 22.0.0
  • Microsoft Dynamics 365 Business Central 2024 Release Wave 1 - 24.0
  • Microsoft Dynamics 365 Business Central 2023 Release Wave 2 - 23.0.0
  • Microsoft AutoUpdate for Mac
  • Microsoft SQL Server 2022 for (CU 14) - 16.0.0
  • Microsoft SQL Server 2019 (CU 28) - 15.0.0
  • Microsoft Power Automate for Desktop - 1.0.0.0
  • Microsoft Power BI Desktop
  • Microsoft Dynamics 365 Business Central 2024 Release Wave 1

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

  • CVE-2024-26186
  • CVE-2024-43487
  • CVE-2024-38045
  • CVE-2024-38248
  • CVE-2024-38234
  • CVE-2024-43454
  • CVE-2024-43479
  • CVE-2024-37965
  • CVE-2024-43475
  • CVE-2024-21416
  • CVE-2024-30073
  • CVE-2024-43495
  • CVE-2024-43464
  • CVE-2024-38225
  • CVE-2024-43492