

Severity
High
Analysis Summary
CVE-2024-43528 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Secure Kernel Mode component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-43521 CVSS:7.5
Microsoft Windows Hyper-V is vulnerable to a denial of service, caused by an incorrect check of a function return value. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-43511 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-43509 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-43501 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Log File System Driver component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-43456 CVSS:4.8
Microsoft Windows is vulnerable to tampering, caused by an error in the Remote Desktop Services. A remote attacker could exploit this vulnerability to read or modify network communications.
CVE-2024-38262 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in the Remote Desktop Licensing Service. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38029 CVSS:7.5
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OpenSSH for Windows component. By loading a malicious DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38129 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an error in the Kerberos component. An attacker could exploit this vulnerability to gain elevated privileges on the system.
Impact
- Privilege Escalation
- Denial of Service
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-43528
- CVE-2024-43521
- CVE-2024-43511
- CVE-2024-43509
- CVE-2024-43501
- CVE-2024-43456
- CVE-2024-38262
- CVE-2024-38029
- CVE-2024-38129
Affected Vendors
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows 10 Version 1507 - 10.0.0
- Microsoft Windows 10 Version 1607 - 10.0.0
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows 11 Version 22H3 - 10.0.0
- Microsoft Windows Server 2019 - 10.0.0
- Microsoft Windows 11 Version 24H2 - 10.0.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
- Microsoft Windows Server 2022 - 10.0.0
- Microsoft Windows 11 Version 23H2 - 10.0.0
- Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.0
- Microsoft Windows Server 2012 R2 - 6.3.0
- Microsoft Windows Server 2012 - 6.2.0
- Microsoft Windows Server 2012 (Server Core installation) - 6.2.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.