Severity
High
Analysis Summary
CVE-2024-30040 CVSS:8.8
Microsoft Windows could allow a remote attacker to bypass security restrictions, caused by improper input validation in MSHTML Platform. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to bypass OLE mitigations in Microsoft 365 and Microsoft Office and execute arbitrary code on the system.
CVE-2024-30051 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap-based buffer overflow in the DWM Core Library component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain SYSTEM privileges.
Impact
- Security Bypass
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-30040
- CVE-2024-30051
Affected Vendors
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows 10 Version 1809 10.0.0
- Microsoft Windows Server 2019 10.0.0
- Microsoft Windows Server 2019 (Server Core installation) 10.0.0
- Microsoft Windows Server 2022 10.0.0
- Microsoft Windows 11 version 21H2 10.0.0
- Microsoft Windows 10 Version 21H2 10.0.0
- Microsoft Windows 11 version 22H2 10.0.0
- Microsoft Windows 10 Version 22H2 10.0.0
- Microsoft Windows 11 version 22H3 10.0.0
- Microsoft Windows 11 Version 23H2 10.0.0
- Microsoft Windows 10 Version 1507 10.0.0
- Microsoft Windows 10 Version 1607 10.0.0
- Microsoft Windows Server 2016 10.0.0
- Microsoft Windows Server 2016 (Server Core installation) 10.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.