

Severity
High
Analysis Summary
CVE-2024-21413 CVSS:9.8
Microsoft Outlook could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper neutralization of user-supplied input by the Preview Pane feature. An attacker could exploit this vulnerability to bypass the Protected View Protocol, obtain local NTLM credentials, and execute arbitrary code with elevated privileges on the system.
CVE-2024-21376 CVSS:9
Microsoft Azure could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in Kubernetes Service Confidential Container. By leveraging an untrusted AKS Kubernetes node and AKS Confidential Container, an attacker could exploit this vulnerability to take over confidential guests and containers beyond the network stack it might be bound to, allowing the attacker to move the workload onto an attacker-controlled machine.
CVE-2024-21406 CVSS:7.5
Microsoft Windows could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the Printing Service. By sending a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets, an attacker could conduct a spoofing attack.
CVE-2024-21341 CVSS:6.8
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in Kernel. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21396 CVSS:7.6
Microsoft Dynamics 365 (on-premises) could allow a remote authenticated attacker to conduct spoofing attacks via the Sales component.
CVE-2024-21343 CVSS:5.9
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Network Address Translation (NAT). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-21328 CVSS:6.3
Microsoft Dynamics 365 (on-premises) could allow a remote authenticated attacker to conduct spoofing attacks via the Sales component.
CVE-2024-20695 CVSS:5.7
Microsoft Skype for Business could allow a remote authenticated attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain file content and then use this information to launch further attacks against the affected system.
CVE-2024-21365 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in WDAC OLE DB provider for SQL Server. By persuading a victim to connect to a malicious SQL database using their SQL client application, an attacker could exploit this vulnerability to execute arbitrary code within the context of the user’s SQL client application.
CVE-2024-21359 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in WDAC OLE DB provider for SQL Server. By persuading a victim to connect to a malicious SQL database using their SQL client application, an attacker could exploit this vulnerability to execute arbitrary code within the context of the user’s SQL client application.
CVE-2024-21368 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in WDAC OLE DB provider for SQL Server. By persuading a victim to connect to a malicious SQL database using their SQL client application, an attacker could exploit this vulnerability to execute arbitrary code within the context of the user’s SQL client application.
CVE-2024-20684 CVSS:6.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Hyper-V. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-21377 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in DNS. An attacker could exploit this vulnerability to read small portions of heap memory.
CVE-2024-21393 CVSS:7.6
Microsoft Dynamics 365 (on-premises) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2024-21363 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in Message Queuing. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21420 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in WDAC OLE DB provider for SQL Server. By persuading a victim to connect to a malicious SQL database using their SQL client application, an attacker could exploit this vulnerability to execute arbitrary code within the context of the user’s SQL client application.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Privilege Escalation
- Cross-Site Scripting
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-20726
- CVE-2024-20727
- CVE-2024-20728
- CVE-2024-20729
- CVE-2024-20730
- CVE-2024-20731
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 x64
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows 10 x32
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows 10 22H2 for x64-based Systems
- Microsoft Windows 10 22H2 for 32-bit Systems
- Microsoft Windows 10 22H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for x64-based Systems
- Microsoft Dynamics 365 (on-premises) 9.1
- Microsoft Skype for Business Server 2019 CU7
- Microsoft Windows Server (Server Core installation) 2022 23H2
- Microsoft Windows 11 23H2 for ARM64-based Systems
- Microsoft Windows 11 23H2 for x64-based Systems
- Microsoft Azure Kubernetes Service Confidential Containers
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.