Severity
High
Analysis Summary
CVE-2024-38209 CVSS:7.8
Microsoft Edge (Chromium-based) could allow a local attacker to execute arbitrary code on the system. By using a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38210 CVSS:7.8
Microsoft Edge (Chromium-based) could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds read vulnerability. By using a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-43477 CVSS:7.5
Microsoft Entra is vulnerable to a denial of service, caused by improper access control in Decentralized Identity Services. By sending a specially crafted request, a remote attacker could exploit this vulnerability to disable Verifiable ID's on another tenant.
CVE-2024-38016 CVSS:7.8
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-38209
- CVE-2024-38210
- CVE-2024-43477
- CVE-2024-38016
Affected Vendors
Affected Products
- Microsoft 365 Apps for Enterprise - 16.0.1
- Microsoft Office 2019 - 19.0.0
- Microsoft Office LTSC 2021 - 16.0.1
- Microsoft Edge (Chromium-based) - 1.0.0
- Microsoft Entra
- Microsoft Visio 2016 - 16.0.1
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.