Severity
High
Analysis Summary
CVE-2024-30019 CVSS:6.5
Microsoft Windows is vulnerable to a denial of service, caused by uncontrolled memory consumption in the DHCP Server Service component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-30009 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a numeric truncation error in the Routing and Remote Access Service (RRAS) component. By persuading a victim to connect to a malicious server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-30035 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in the DWM Core Library component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2024-30012 CVSS:6.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the Mobile Broadband Driver. By physically connecting a malicious USB device to the victim's machine, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-30032 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in the DWM Core Library component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2024-30025 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds read in the Common Log File System component. By executing a specially crafted program, an attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2024-29996 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds read in the Common Log File System component. By executing a specially crafted program, an attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2024-30001 CVSS:6.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the Mobile Broadband Driver. By physically connecting a malicious USB device to the victim's machine, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-30039 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a buffer over-read in the Remote Access Connection Manager component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-30049 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in the Win32k component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-30003 CVSS:6.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the Mobile Broadband Driver. By physically connecting a malicious USB device to the victim's machine, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-29994 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds read in the SCSI Class System File component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-30031 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in the CNG Key Isolation Service component. By winning a race condition, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-30000 CVSS:6.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the Mobile Broadband Driver. By physically connecting a malicious USB device to the victim's machine, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-30050 CVSS:5.4
Microsoft Windows could allow a remote attacker to bypass security restrictions, caused by a flaw in the Mark of the Web component. An attacker could exploit this vulnerability to bypass a security feature, with an impact on integrity and availability.
CVE-2024-30017 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based buffer overflow in the Hyper-V component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the server.
CVE-2024-30016 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read in the Cryptographic Services component. By sending a specially crafted request to the cryptography provider's vulnerable function, an attacker could exploit this vulnerability to read small portions of heap memory.
CVE-2024-30014 CVSS:7.5
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a numeric truncation error in the Routing and Remote Access Service (RRAS) component. By persuading a victim to connect to a malicious server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-30007 CVSS:8.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Brokering File System. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-30027 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double-free flaw in the NTFS component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-30010 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a path traversal error in the Hyper-V component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the server.
CVE-2024-30023 CVSS:7.5
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a numeric truncation error in the Routing and Remote Access Service (RRAS) component. By persuading a victim to connect to a malicious server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-30020 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a heap-based buffer overflow in the Cryptographic Services component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Code Execution
- Security Bypass
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-30019
- CVE-2024-30009
- CVE-2024-30035
- CVE-2024-30012
- CVE-2024-30032
- CVE-2024-30025
- CVE-2024-29996
- CVE-2024-30001
- CVE-2024-30039
- CVE-2024-30049
- CVE-2024-30003
- CVE-2024-29994
- CVE-2024-30031
- CVE-2024-30000
- CVE-2024-30050
- CVE-2024-30017
- CVE-2024-30016
- CVE-2024-30014
- CVE-2024-30007
- CVE-2024-30027
- CVE-2024-30010
- CVE-2024-30023
- CVE-2024-30020
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows Server 2022
- Microsoft Windows Server 2022 23H2
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1809 for ARM64-based Systems
- Microsoft Windows 10 Version 1809 for x64-based Systems
- Microsoft Windows 10 Version 21H2 for 32-bit Systems
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for x64-based Systems
- Microsoft Windows 10 Version 22H2 for 32-bit Systems
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems
- Microsoft Windows 11 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems
- Microsoft Windows 11 Version 23H2 for x64-based Systems
- Microsoft Windows 11 Version 21H2 for ARM64-based Systems
- Microsoft Windows 11 Version 21H2 for x64-based Systems
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Windows Server 2019
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2022 (Server Core installation) 23H2
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.