

Multiple WordPress Plugins Vulnerabilities
December 9, 2024
Multiple Zyxel Products Vulnerabilities
December 9, 2024
Multiple WordPress Plugins Vulnerabilities
December 9, 2024
Multiple Zyxel Products Vulnerabilities
December 9, 2024Severity
High
Analysis Summary
CVE-2024-38203 CVSS:6.2
Microsoft Windows could allow a local attacker to obtain sensitive information, caused by an error in the Package Library Manager. An attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-43624 CVSS:8.8
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in Hyper-V Shared Virtual Disk. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2024-43565 CVSS:7.5
Microsoft Windows id vulnerable to a denial of service, caused by a flaw in Network Address Translation (NAT) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Information Disclosure
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-38203
- CVE-2024-43624
- CVE-2024-43565
Affected Vendors
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows 10 Version 1507 - 10.0.0
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows 11 version 22H2 - 10.0.0
- Microsoft Windows Server 2019 - 10.0.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
- Microsoft Windows Server 2022 - 10.0.0
- Microsoft Windows Server 2008 R2 Service Pack 1 - 6.1.0
- Microsoft Windows Server 2025 - 10.0.0 - 10.0.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.0 - 10.0.0
- Microsoft Windows 11 Version 24H2 - 10.0.0 - 10.0.0
- Microsoft Windows Server 2022 - 10.0.0 - 10.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.