February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities
March 18, 2024Rewterz Threat Alert – Snake Keylogger Malware – Active IOCs
March 18, 2024Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities
March 18, 2024Rewterz Threat Alert – Snake Keylogger Malware – Active IOCs
March 18, 2024
Severity
High
Analysis Summary
CVE-2024-21434 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the SCSI Class System File component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-21446 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NTFS component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-26162 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the ODBC Driver component. By persuading a user to connect to a malicious SQL database, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-26201 CVSS:6.6
Microsoft Intune for Android could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Linux Agent component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to update the compliance script.
CVE-2024-26160 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Cloud Files Mini Filter Driver component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive information from Kernel memory and use this information to launch further attacks against the affected system.
CVE-2024-21439 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Telephony Server. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code in the context of the NT AUTHORITY\Network Service account.
CVE-2024-21437 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics Component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-21408 CVSS:5.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Hyper-V component. By executing a specially crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-21429 CVSS:6.8
Microsoft Windows could allow a physical attacker to execute arbitrary code on the system, caused by a flaw in the USB Hub Driver component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21407 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Hyper-V component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the server.
CVE-2024-26170 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Composite Image File System (CimFS) component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain limited SYSTEM privileges.
Impact
- Privilege Escalation
- Gain Access
- Information Disclosure
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2024-21434
- CVE-2024-21446
- CVE-2024-26162
- CVE-2024-26201
- CVE-2024-26160
- CVE-2024-21439
- CVE-2024-21437
- CVE-2024-21408
- CVE-2024-21429
- CVE-2024-21407
- CVE-2024-26170
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows Server 2022
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2022 (Server Core installation)
- Microsoft Windows 10 Version 1607 for 32-bit Systems 1607
- Microsoft Windows 10 Version 1607 for x64-based Systems 1607
- Microsoft Windows 10 Version 1809 for 32-bit Systems 1809
- Microsoft Windows 10 Version 1809 for ARM64-based Systems 1809
- Microsoft Windows 10 Version 1809 for x64-based Systems 1809
- Microsoft Windows 10 Version 21H2 for 32-bit Systems 21H2
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems 21H2
- Microsoft Windows 10 Version 21H2 for x64-based Systems 21H2
- Microsoft Windows 10 Version 22H2 for 32-bit Systems 22H2
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems 22H2
- Microsoft Windows 10 Version 22H2 for x64-based Systems 22H2
- Microsoft Windows 11 version 21H2 for ARM64-based Systems
- Microsoft Windows 11 version 21H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems 22H2
- Microsoft Windows 11 Version 22H2 for x64-based Systems 22H2
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems 23H2
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Windows 11 Version 23H2 for x64-based Systems 23H2
- Microsoft Intune Company Portal for Android
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.