Request a Demo
Rewterz
CISA Alerts Users of Active Exploitation of SolarWinds Help Desk Software Flaw
October 16, 2024
Rewterz
ATM Heists Use New FASTCash Malware Linux Variant Targeting Payment Switches – Active IOCs
October 16, 2024

Multiple Microsoft Windows Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-43535 CVSS:7

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE-2024-43529 CVSS:7.3

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2024-43526 CVSS:6.8

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-43527 CVSS:7.8

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-43525 CVSS:6.8

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-43518 CVSS:8.8

Windows Telephony Server Remote Code Execution Vulnerability

CVE-2024-43508 CVSS:5.5

Windows Graphics Component Information Disclosure Vulnerability

CVE-2024-43502 CVSS:7.1

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-38261 CVSS:7.8

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-43516 CVSS:7.8

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Impact

  • Privilege Escalation
  • Code Execution
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-43535
  • CVE-2024-43529
  • CVE-2024-43526
  • CVE-2024-43527
  • CVE-2024-43525
  • CVE-2024-43518
  • CVE-2024-43508
  • CVE-2024-43502
  • CVE-2024-38261
  • CVE-2024-43516

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows Server 2022
  • Microsoft Windows 10 Version 1809 - 10.0.0
  • Microsoft Windows 10 Version 21H2 - 10.0.0
  • Microsoft Windows 11 version 21H2 - 10.0.0
  • Microsoft Windows 11 version 22H2 - 10.0.0
  • Microsoft Windows Server 2019 - 10.0.0
  • Microsoft Windows Server 2008 Service Pack 2 - 6.0.0
  • Microsoft Windows 11 Version 24H2 - 10.0.0
  • Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
  • Microsoft Windows Server 2022 - 10.0.0
  • Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) - 6.0.0
  • Microsoft Windows Server 2008 R2 Service Pack 1 - 6.1.0
  • Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.0
  • Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) - 6.0.0
  • Microsoft Windows Server 2012 R2 - 6.3.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2024-43535

CVE-2024-43529

CVE-2024-43526

CVE-2024-43527

CVE-2024-43525

CVE-2024-43518

CVE-2024-43508

CVE-2024-43502

CVE-2024-38261

CVE-2024-43516