

Multiple Microsoft OLE Drivers Vulnerabilities
April 15, 2024
Severity
High
Analysis Summary
CVE-2024-26236 CVSS: 7.0
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by sensitive data being stored in improperly locked memory in the Windows Update Stack. By winning a race condition, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-21447 CVSS: 7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Windows Authentication component. By running a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.
CVE-2024-26240 CVSS: 8.0
Microsoft Windows could allow an attacker on the adjacent (local) network to bypass security restrictions, caused by improper input validation in the Secure Boot component. An attacker could exploit this vulnerability to bypass Secure Boot.
CVE-2024-20689 CVSS: 7.1
Microsoft Windows could allow an attacker on the adjacent (local) network to bypass security restrictions, caused by a stack-based buffer overflow in the Secure Boot component. An attacker could exploit this vulnerability to bypass Secure Boot.
CVE-2024-26172 CVSS: 5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read in the DWM Core Library. An attacker could exploit this vulnerability to read data from the process heap and use it to launch further attacks against the affected system.
CVE-2024-26202 CVSS: 7.2
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based buffer overflow in the DHCP Server Service. By sending a specially crafted request to the service, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28907 CVSS: 7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Brokering File System. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-26228 CVSS: 7.8
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by cryptographic issues in the Cryptographic Services component. An attacker could exploit this vulnerability to bypass RSA signature verification.
CVE-2024-26241 CVSS: 7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k kernel-mode driver. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-26209 CVSS: 5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by use of an uninitialized resource in the Local Security Authority Subsystem Service (LSASS). By running a specially crafted program, an attacker could exploit this vulnerability to read uninitialized memory and use the disclosed data to launch further attacks against the affected system.
CVE-2024-26232 CVSS: 7.3
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by type confusion in the Microsoft Message Queuing (MSMQ) component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-26220 CVSS: 5.0
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by use of an uninitialized resource in the Mobile Hotspot component. By sending a specially crafted request, an attacker could exploit this vulnerability to read uninitialized memory and use the disclosed data to launch further attacks against the affected system.
Impact
- Privilege Escalation
- Security Bypass
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-26236
- CVE-2024-21447
- CVE-2024-26240
- CVE-2024-20689
- CVE-2024-26172
- CVE-2024-26202
- CVE-2024-28907
- CVE-2024-26228
- CVE-2024-26241
- CVE-2024-26209
- CVE-2024-26232
- CVE-2024-26220
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows Server 2022 23H2
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1809 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for 32-bit Systems
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for x64-based Systems
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems
- Microsoft Windows 11 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems
- Microsoft Windows 11 Version 23H2 for x64-based Systems
- Microsoft Windows 11 Version 21H2 for ARM64-based Systems
- Microsoft Windows Server 2016
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Windows Server 2019
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2022 (Server Core installation)
Remediation
Apply the April 2024 security updates through Windows Update (automatic updates), or search the Microsoft Security Update Guide for the update that applies to your system and install it manually. Prioritize hosts that run the DHCP Server Service or MSMQ, since those carry the remote code execution issues above.
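The following PowerShell script is an added example for this advisory; it is not part of the advisory and is not Microsoft tooling. Run from an elevated prompt, it reports which of the attack surfaces listed above are actually present on the host (DHCP Server, MSMQ, Mobile Hotspot, Secure Boot) and whether the OS build is at or above the April 2024 cumulative update level, which is what decides exposure to the core-component CVEs. Assumptions: the minimum UBR values in the table are the April 9, 2024 cumulative update builds as we recorded them from the Security Update Guide and must be confirmed there before acting on the result (an unlisted build is reported as unknown, not guessed); the service names DHCPServer, MSMQ and icssvc are the standard Windows service names for those components.

```powershell
# Added example, not part of the original advisory. Run from an elevated
# PowerShell 5.1+ prompt on a host from the affected-products list.
#
# ASSUMPTION: minimum Update Build Revision (UBR) per OS build, taken from the
# April 9, 2024 cumulative updates as read in the Security Update Guide.
# Confirm these values there before relying on the verdict.
$MinimumUbr = @{
    '22631' = 3447   # Windows 11 23H2
    '22621' = 3447   # Windows 11 22H2
    '22000' = 2899   # Windows 11 21H2
    '19045' = 4291   # Windows 10 22H2
    '19044' = 4291   # Windows 10 21H2
    '20348' = 2402   # Windows Server 2022
    '17763' = 5696   # Windows 10 1809 / Windows Server 2019
    '14393' = 6897   # Windows Server 2016
}

function Get-ExposedComponents {
    # Optional components: only hosts where these are installed expose the CVE.
    # Service names assumed to be the standard Windows ones.
    $optional = @(
        @{ Name = 'DHCP Server service';   Cves = 'CVE-2024-26202'; Service = 'DHCPServer' },
        @{ Name = 'Message Queuing (MSMQ)'; Cves = 'CVE-2024-26232'; Service = 'MSMQ' },
        @{ Name = 'Mobile Hotspot';        Cves = 'CVE-2024-26220'; Service = 'icssvc' }
    )
    foreach ($c in $optional) {
        $svc = Get-Service -Name $c.Service -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            Component = $c.Name
            CVEs      = $c.Cves
            Present   = [bool]$svc
            State     = if ($svc) { [string]$svc.Status } else { 'not installed' }
        }
    }

    # Secure Boot bypasses only matter where Secure Boot is enforced.
    # Confirm-SecureBootUEFI throws on legacy BIOS firmware, so treat that as absent.
    $sb = try { Confirm-SecureBootUEFI } catch { $null }
    [PSCustomObject]@{
        Component = 'Secure Boot (UEFI)'
        CVEs      = 'CVE-2024-26240, CVE-2024-20689'
        Present   = ($sb -eq $true)
        State     = if ($null -eq $sb) { 'not UEFI / unsupported' } elseif ($sb) { 'enabled' } else { 'disabled' }
    }

    # The remaining CVEs sit in components every listed Windows build ships
    # (Update Stack, Authentication, DWM, Brokering File System, Cryptographic
    # Services, Win32k, LSASS); only the patch level decides exposure.
    [PSCustomObject]@{
        Component = 'Core OS components'
        CVEs      = 'CVE-2024-26236, -21447, -26172, -28907, -26228, -26241, -26209'
        Present   = $true
        State     = 'always present; see patch status'
    }
}

function Get-PatchStatus {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $nt    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$os.BuildNumber
    $ubr   = [int]$nt.UBR          # e.g. build 19045.4291 -> UBR 4291

    $status = if (-not $MinimumUbr.ContainsKey($build)) {
        'UNKNOWN BUILD - look it up in the Security Update Guide'
    } elseif ($ubr -ge $MinimumUbr[$build]) {
        'at or above April 2024 update level'
    } else {
        'BELOW April 2024 update level - patch required'
    }

    [PSCustomObject]@{
        Computer    = $env:COMPUTERNAME
        OS          = $os.Caption
        Build       = "$build.$ubr"
        RequiredUbr = $MinimumUbr[$build]
        Status      = $status
    }
}

Get-ExposedComponents | Format-Table -AutoSize
Get-PatchStatus       | Format-List
# Most recent updates, to cross-check against the KB named in the Security Update Guide.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn
```

The build check compares the registry UBR against the table rather than looking for a specific KB, because the same fix ships in every later cumulative update and a KB match would report a fully patched host as missing it. Treat "UNKNOWN BUILD" as a prompt to look the build up, not as a pass.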