North Korean APT Kimsuky aka Black Banshee – Active IOCs
December 31, 2024DarkCrystal RAT aka DCRat – Active IOCs
January 1, 2025North Korean APT Kimsuky aka Black Banshee – Active IOCs
December 31, 2024DarkCrystal RAT aka DCRat – Active IOCs
January 1, 2025Severity
Medium
Analysis Summary
CVE-2024-49110 CVSS:6.8
Microsoft Windows could allow a physical attacker to gain elevated privileges on the system, caused by a flaw in the Mobile Broadband Driver component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-49082 CVSS:6.8
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the File Explorer compnent By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2024-49083 CVSS:6.8
Microsoft Windows could allow a physical attacker to gain elevated privileges on the system, caused by a flaw in the Mobile Broadband Driver component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-49109 CVSS:6.6
Microsoft Windows could allow a physical authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Wireless Wide Area Network Service (WwanSvc) component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-49111 CVSS:6.6
Microsoft Windows could allow a physical authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Wireless Wide Area Network Service (WwanSvc) component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-49077 CVSS:6.8
Microsoft Windows could allow a physical attacker to gain elevated privileges on the system, caused by a flaw in the Mobile Broadband Driver component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-49078 CVSS:6.8
Microsoft Windows could allow a physical attacker to gain elevated privileges on the system, caused by a flaw in the Mobile Broadband Driver component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-49081 CVSS:6.6
Microsoft Windows could allow a physical authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Wireless Wide Area Network Service (WwanSvc) component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-49110
- CVE-2024-49082
- CVE-2024-49083
- CVE-2024-49109
- CVE-2024-49111
- CVE-2024-49077
- CVE-2024-49078
- CVE-2024-49081
Affected Vendors
Affected Products
- Microsoft Windows 10 Version 1607 - 10.0.0
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows 10 Version 21H2 - 10.0.0
- Microsoft Windows 10 Version 22H2 - 10.0.0
- Microsoft Windows 11 version 22H2 - 10.0.0
- Microsoft Windows 11 version 22H3 - 10.0.0
- Microsoft Windows Server 2016 - 10.0.0
- Microsoft Windows Server 2019 - 10.0.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
- Microsoft Windows 11 Version 23H2 - 10.0.0
- Microsoft Windows Server 2025 - 10.0.0 - 10.0.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.0 - 10.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.