Severity
High
Analysis Summary
CVE-2024-38203 CVSS:6.2
Microsoft Windows could allow a local attacker to obtain sensitive information, caused by an error in the Package Library Manager. An attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-43624 CVSS:8.8
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in Hyper-V Shared Virtual Disk. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2024-43565 CVSS:7.5
Microsoft Windows id vulnerable to a denial of service, caused by a flaw in Network Address Translation (NAT) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Information Disclosure
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-38203
- CVE-2024-43624
- CVE-2024-43565
Affected Vendors
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows 10 Version 1507 - 10.0.0
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows 11 version 22H2 - 10.0.0
- Microsoft Windows Server 2019 - 10.0.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
- Microsoft Windows Server 2022 - 10.0.0
- Microsoft Windows Server 2008 R2 Service Pack 1 - 6.1.0
- Microsoft Windows Server 2025 - 10.0.0 - 10.0.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.0 - 10.0.0
- Microsoft Windows 11 Version 24H2 - 10.0.0 - 10.0.0
- Microsoft Windows Server 2022 - 10.0.0 - 10.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.