Multiple Microsoft Windows Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-43528 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Secure Kernel Mode component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-43521 CVSS:7.5

Microsoft Windows Hyper-V is vulnerable to a denial of service, caused by an incorrect check of a function return value. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-43511 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-43509 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-43501 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Log File System Driver component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-43456 CVSS:4.8

Microsoft Windows is vulnerable to tampering, caused by an error in Remote Desktop Services. A remote attacker could exploit this vulnerability to read or modify network communications.

CVE-2024-38262 CVSS:7.5

Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in the Remote Desktop Licensing Service. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38029 CVSS:7.5

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OpenSSH for Windows component. By loading a malicious DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38129 CVSS:7.5

Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an error in the Kerberos component. An attacker could exploit this vulnerability to gain elevated privileges on the system.

Impact

  • Privilege Escalation
  • Denial of Service
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-43528
  • CVE-2024-43521
  • CVE-2024-43511
  • CVE-2024-43509
  • CVE-2024-43501
  • CVE-2024-43456
  • CVE-2024-38262
  • CVE-2024-38029
  • CVE-2024-38129

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows Server 2022
  • Microsoft Windows 10 Version 1507 - 10.0.0
  • Microsoft Windows 10 Version 1607 - 10.0.0
  • Microsoft Windows 10 Version 1809 - 10.0.0
  • Microsoft Windows 11 Version 22H3 - 10.0.0
  • Microsoft Windows Server 2019 - 10.0.0
  • Microsoft Windows 11 Version 24H2 - 10.0.0
  • Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
  • Microsoft Windows Server 2022 - 10.0.0
  • Microsoft Windows 11 Version 23H2 - 10.0.0
  • Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.0
  • Microsoft Windows Server 2012 R2 - 6.3.0
  • Microsoft Windows Server 2012 - 6.2.0
  • Microsoft Windows Server 2012 (Server Core installation) - 6.2.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

  • CVE-2024-43528
  • CVE-2024-43521
  • CVE-2024-43511
  • CVE-2024-43509
  • CVE-2024-43501
  • CVE-2024-43456
  • CVE-2024-38262
  • CVE-2024-38029
  • CVE-2024-38129