Severity
High
Analysis Summary
CVE-2024-38191 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel Streaming Service Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38116 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the IP Routing Management Snapin component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38223 CVSS:6.8
Microsoft Windows could allow a physical attacker to gain elevated privileges on the system, caused by a flaw in the Initial Machine Configuration component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38148 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Secure Channel component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-38180 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the SmartScreen Prompt component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38106 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38143 CVSS:4.2
Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the WLAN AutoConfig Service component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38145 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Layer-2 Bridge Network component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-38151 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Kernel component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2024-38134 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Streaming WOW Thunk Service Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38131 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Clipboard Virtual Channel Extension component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38185 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel-Mode Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38152 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38140 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Reliable Multicast Transport Driver (RMCAST) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38157 CVSS:7
Microsoft Azure IoT SDK could allow a local authenticated attacker to execute arbitrary code on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38160 CVSS:9.1
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Network Virtualization component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38214 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Routing and Remote Access Service (RRAS) component. By connecting to a malicious server, an attacker could exploit this vulnerability to gain code execution on the client.
CVE-2024-38120 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Routing and Remote Access Service (RRAS) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38187 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel-Mode Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38128 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Routing and Remote Access Service (RRAS) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38138 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Deployment Services component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-41159 CVSS:7.1
Microsoft OneNote for macOS could allow a local authenticated attacker to bypass security restrictions, caused by a library injection flaw. By executing a specially crafted application, an attacker could exploit this vulnerability to perform permission bypass.
CVE-2024-41165 CVSS:7.1
Microsoft Word for macOS could allow a local authenticated attacker to bypass security restrictions, caused by a library injection flaw. By executing a specially crafted application, an attacker could exploit this vulnerability to perform permission bypass.
CVE-2024-39804 CVSS:7.1
Microsoft PowerPoint for macOS could allow a local authenticated attacker to bypass security restrictions, caused by a library injection flaw. By executing a specially crafted application, an attacker could exploit this vulnerability to perform permission bypass.
CVE-2024-43106 CVSS:7.1
Microsoft Excel for macOS could allow a local authenticated attacker to bypass security restrictions, caused by a library injection flaw. By executing a specially crafted application, an attacker could exploit this vulnerability to perform permission bypass.
CVE-2024-42220 CVSS:7.1
Microsoft Outlook for macOS could allow a local authenticated attacker to bypass security restrictions, caused by a library injection flaw. By executing a specially crafted application, an attacker could exploit this vulnerability to perform permission bypass.
CVE-2024-41145 CVSS:7.1
Microsoft Teams (work or school) for macOS could allow a local authenticated attacker to bypass security restrictions, caused by a library injection flaw in the WebView.app helper app. By executing a specially crafted application, an attacker could exploit this vulnerability to perform permission bypass.
CVE-2024-42004 CVSS:7.1
Microsoft Teams (work or school) for macOS could allow a local authenticated attacker to bypass security restrictions, caused by a library injection flaw. By executing a specially crafted application, an attacker could exploit this vulnerability to perform permission bypass.
CVE-2024-41138 CVSS:7.1
Microsoft Teams (work or school) for macOS could allow a local authenticated attacker to bypass security restrictions, caused by a library injection flaw in the com.microsoft.teams2.modulehost.app helper app. By executing a specially crafted application, an attacker could exploit this vulnerability to perform permission bypass.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Security Bypass
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-38191
- CVE-2024-38116
- CVE-2024-38223
- CVE-2024-38148
- CVE-2024-38180
- CVE-2024-38106
- CVE-2024-38143
- CVE-2024-38145
- CVE-2024-38151
- CVE-2024-38134
- CVE-2024-38131
- CVE-2024-38185
- CVE-2024-38152
- CVE-2024-38140
- CVE-2024-38157
- CVE-2024-38160
- CVE-2024-38214
- CVE-2024-38120
- CVE-2024-38187
- CVE-2024-38128
- CVE-2024-38138
- CVE-2024-41159
- CVE-2024-41165
- CVE-2024-39804
- CVE-2024-43106
- CVE-2024-42220
- CVE-2024-41145
- CVE-2024-42004
- CVE-2024-41138
Affected Vendors
Affected Products
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 11 version 21H2 for ARM64-based Systems
- Microsoft Windows 11 version 21H2 for x64-based Systems
- Microsoft Windows 10 Version 1507 - 10.0.0
- Microsoft Windows 10 Version 1607 - 10.0.0
- Microsoft Windows 10 Version 1607 for 32-bit Systems - 1607
- Microsoft Windows 10 Version 1607 for x64-based Systems - 1607
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows 10 Version 1809 for 32-bit Systems - 1809
- Microsoft Windows 10 Version 1809 for ARM64-based Systems - 1809
- Microsoft Windows 10 Version 1809 for x64-based Systems - 1809
- Microsoft Windows 10 Version 21H2 - 10.0.0
- Microsoft Windows 10 Version 21H2 for 32-bit Systems - 21H2
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems - 21H2
- Microsoft Windows 10 Version 21H2 for x64-based Systems - 21H2
- Microsoft Windows 10 Version 22H2 - 10.0.0
- Microsoft Windows 11 version 21H2 - 10.0.0
- Microsoft Windows 11 version 22H2 - 10.0.0
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems - 22H2
- Microsoft Windows 11 Version 22H2 for x64-based Systems - 22H2
- Microsoft Windows 11 version 22H3 - 10.0.0
- Microsoft OneNote for macOS 16.83
- Microsoft Word for macOS 16.83
- Microsoft PowerPoint for macOS 16.83
- Microsoft Excel for macOS 16.83
- Microsoft Outlook for macOS 16.83.3
- Microsoft Teams (work or school) for macOS 24046.2812.2722.8193
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.