JOHLEM.NET



Title Link Description
CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability Link Updated FAQ information. This is an informational change only.
Chromium: CVE-2024-1938 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1939 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-26196 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability Link Information published.
CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability Link Updated the Exploitability Index to 0 - Exploitation Detected and **Exploited** to Yes. This is an informational change only.
CVE-2024-21626 GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds Link Microsoft is announcing that the Azure Kubernetes Service security updates released on 31 January 2024 include runc updates, which addresses this vulnerability. Microsoft recommends that customers install the 31 January 2024 updates to ensure they have the most up-to-date version of Azure Kubernetes Service.
CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability Link Updated the Executive Summary with information that the ability to insert FBX files has also been disabled in 3D Viewer as of February 13, 2024. This is an informational change only.
CVE-2024-21307 Remote Desktop Client Remote Code Execution Vulnerability Link Added acknowledgements. This is an informational change only.
Chromium: CVE-2024-1669 Out of bounds memory access in Blink Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1670 Use after free in Mojo Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1671 Inappropriate implementation in Site Isolation Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1672 Inappropriate implementation in Content Security Policy Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1673 Use after free in Accessibility Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1674 Inappropriate implementation in Navigation Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1675 Insufficient policy enforcement in Download Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1676 Inappropriate implementation in Navigation Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-21423 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Link Information published.
CVE-2024-26188 Microsoft Edge (Chromium-based) Spoofing Vulnerability Link Information published.
CVE-2024-26192 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Link Information published.
CVE-2024-21315 Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability Link Information published. This CVE was addressed by updates that were released in November 2023, but the CVE was inadvertently omitted from the November 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Defender for Endpoint Protection install the November 2023 updates to be protected from this vulnerability.
CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability Link Added clarifying information to the mitigation. This is an informational change only.
CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability Link In the Security Updates table, removed the Article and Download links because the update is not available for Azure Connected Machine Agent. Customers will be notified via a revision to this CVE information when the update becomes available.
CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Link Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.
CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability Link Mistakenly updated exploited flag and exploitability assessment to indicate exploitation existed. Reverting values to no. This is an informational change only.
CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability Link Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only.
CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability Link Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only.
ADV990001 Latest Servicing Stack Updates Link Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
CVE-2024-20667 Azure DevOps Server Remote Code Execution Vulnerability Link Information published.
CVE-2023-50387 MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers Link Information published.
CVE-2024-21327 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Link Information published.
CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21340 Windows Kernel Information Disclosure Vulnerability Link Information published.
CVE-2024-21349 Microsoft ActiveX Data Objects Remote Code Execution Vulnerability Link Information published.
CVE-2024-21350 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability Link Information published.
CVE-2024-21352 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21354 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Link Information published.
CVE-2024-21358 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21360 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21361 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21366 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21369 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21371 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21372 Windows OLE Remote Code Execution Vulnerability Link Information published.
CVE-2024-21375 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21379 Microsoft Word Remote Code Execution Vulnerability Link Information published.
CVE-2024-21381 Microsoft Azure Active Directory B2C Spoofing Vulnerability Link Information published.
CVE-2024-21386 .NET Denial of Service Vulnerability Link Information published.
CVE-2024-21389 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Link Information published.
CVE-2024-21393 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Link Information published.
CVE-2024-21394 Dynamics 365 Field Service Spoofing Vulnerability Link Information published.
CVE-2024-21396 Dynamics 365 Sales Spoofing Vulnerability Link Information published.
CVE-2024-21401 Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21402 Microsoft Outlook Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21404 .NET Denial of Service Vulnerability Link Information published.
CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability Link Information published.
CVE-2024-21420 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-20673 Microsoft Office Remote Code Execution Vulnerability Link Information published.
CVE-2024-20679 Azure Stack Hub Spoofing Vulnerability Link Information published.
CVE-2024-21304 Trusted Compute Base Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20695 Skype for Business Information Disclosure Vulnerability Link Information published.
CVE-2024-21328 Dynamics 365 Sales Spoofing Vulnerability Link Information published.
CVE-2024-20684 Windows Hyper-V Denial of Service Vulnerability Link Information published.
CVE-2024-21339 Windows USB Generic Parent Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-21341 Windows Kernel Remote Code Execution Vulnerability Link Information published.
CVE-2024-21342 Windows DNS Client Denial of Service Vulnerability Link Information published.
CVE-2024-21343 Windows Network Address Translation (NAT) Denial of Service Vulnerability Link Information published.
CVE-2024-21344 Windows Network Address Translation (NAT) Denial of Service Vulnerability Link Information published.
CVE-2024-21345 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21346 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21347 Microsoft ODBC Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-21348 Internet Connection Sharing (ICS) Denial of Service Vulnerability Link Information published.
CVE-2024-21353 Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-21355 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21356 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Link Information published.
CVE-2024-21359 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21362 Windows Kernel Security Feature Bypass Vulnerability Link Information published.
CVE-2024-21363 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Link Information published.
CVE-2024-21364 Microsoft Azure Site Recovery Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21365 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21367 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21368 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21370 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21374 Microsoft Teams for Android Information Disclosure Link Information published.
CVE-2024-21376 Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability Link Information published.
CVE-2024-21377 Windows DNS Information Disclosure Vulnerability Link Information published.
CVE-2024-21378 Microsoft Outlook Remote Code Execution Vulnerability Link Information published.
CVE-2024-21380 Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability Link Information published.
CVE-2024-21384 Microsoft Office OneNote Remote Code Execution Vulnerability Link Information published.
CVE-2024-21391 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published. This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates. This is an informational change only. Customers who have already installed the January 2024 updates do not need to take any further action.
CVE-2024-21395 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Link Information published.
CVE-2024-21397 Microsoft Azure File Sync Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21403 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21405 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21406 Windows Printing Service Spoofing Vulnerability Link Information published.
CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21412 Internet Shortcut Files Security Feature Bypass Vulnerability Link Information published.
CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability Link In the Security Updates table, added 3D Viewer as it is affected by this vulnerability. In addition, added an FAQ to explain how customers can get the 3D Viewer update.
CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability Link To address a known issue with a broken link, corrected Download links in the Security Updates table. This is an informational change only.
CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability Link To address a known issue with a broken link, corrected Download links in the Security Updates table. This is an informational change only.
CVE-2024-21312 .NET Framework Denial of Service Vulnerability Link To address a known issue with a broken link, corrected Download links in the Security Updates table. This is an informational change only.
CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability Link Updated the mitigation to inform customers with existing OAuth 2.0 connectors that these connectors must be updated to use a per-connector redirect URI by March 29, 2024. After March 29, 2024, users will no longer be able to create connections to or use existing OAuth 2.0 custom connectors that have not been updated. For more information see https://learn.microsoft.com/en-us/connectors/custom-connectors/#21-oauth-20. This is an informational change only.
CVE-2023-36558 ASP.NET Core - Security Feature Bypass Vulnerability Link Corrected Article links in the Security Updates table. This is an informational change only.
CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability Link Updated FAQs and added clarifying information to the mitigation. This is an informational change only.
Chromium: CVE-2024-1283 Heap buffer overflow in Skia Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-1284 Use after free in Mojo Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-21388 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Link Information published.
CVE-2023-36049 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Link Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.
CVE-2024-21336 Microsoft Edge (Chromium-based) Spoofing Vulnerability Link Information published.
CVE-2023-24023 Mitre: CVE-2023-24023 Bluetooth Vulnerability Link The software update Microsoft released to address this vulnerability enforces the use of BR/EDR Secure Connections defined encryption and authentication algorithms for Bluetooth pairings that have used BR/EDR Secure Connections. For more information see the Executive Summary section. This is an informational change only.
CVE-2023-36018 Visual Studio Code Jupyter Extension Spoofing Vulnerability Link Added acknowledgements. This is an informational change only.
Chromium: CVE-2024-0333 Insufficient data validation in Extensions Link Updated FAQ information. This is an informational change only.
CVE-2024-20674 Windows Kerberos Security Feature Bypass Vulnerability Link Updated the following CVSS metrics and updated the FAQs that explain these metrics: AV:N, PR:N, UI:R. These are informational changes only.
CVE-2024-20675 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-20721 Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation Denial of Service Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-20709 Adobe Systems Incorporated: CVE-2024-20709 Javascript Implementation PDF Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-21337 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Link Updated FAQ information. This is an informational change only.
Chromium: CVE-2024-0517 Out of bounds write in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-0518 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-0519 Out of bounds memory access in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild.
CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability Link Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability Link Corrected Download and Article links in the Security Updates table. This is an informational change only.
CVE-2024-20666 BitLocker Security Feature Bypass Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-20658 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability Link Corrected Download and Article links in the Security Updates table. This is an informational change only.
CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability Link Revised the Security Updates table as follows: Added PowerShell 7.2, PowerShell 7.3, and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/72](https://github.com/PowerShell/Announcements/issues/72) for more information. Corrected Download and Article links for .NET Framework 3.5 and 4.8.1 installed on Windows 10 version 22H2.
CVE-2024-21312 .NET Framework Denial of Service Vulnerability Link Corrected Download and Article links in the Security Updates table. This is an informational change only.
Chromium: CVE-2024-0333 Insufficient data validation in Extensions Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-20675 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Link Information published.
CVE-2023-48631 Adobe Systems Incorporated: CVE-2023-Improper Input Validation Denial of Service Vulnerability Link Information published.
CVE-2024-20709 Adobe Systems Incorporated: CVE-2024-20709 Javascript Implementation PDF Vulnerability Link This CVE was assigned by Adobe Systems Incorporated. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
CVE-2024-21337 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20666 BitLocker Security Feature Bypass Vulnerability Link Information published.
CVE-2024-20674 Windows Kerberos Security Feature Bypass Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability Link A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update.
CVE-2024-20676 Azure Storage Mover Remote Code Execution Vulnerability Link Information published.
CVE-2024-20654 Microsoft ODBC Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-20657 Windows Group Policy Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20658 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20680 Windows Message Queuing Client (MSMQC) Information Disclosure Link Information published.
CVE-2024-20682 Windows Cryptographic Services Remote Code Execution Vulnerability Link Information published.
CVE-2024-20683 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20690 Windows Nearby Sharing Spoofing Vulnerability Link Information published.
CVE-2024-20691 Windows Themes Information Disclosure Vulnerability Link Information published.
CVE-2024-20694 Windows CoreMessaging Information Disclosure Vulnerability Link Information published.
CVE-2022-35737 MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow Link Information published.
CVE-2024-20696 Windows Libarchive Remote Code Execution Vulnerability Link Information published.
CVE-2024-20697 Windows Libarchive Remote Code Execution Vulnerability Link Information published.
CVE-2024-20698 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20699 Windows Hyper-V Denial of Service Vulnerability Link Information published.
CVE-2024-20700 Windows Hyper-V Remote Code Execution Vulnerability Link Information published.
CVE-2024-21305 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability Link Information published.
CVE-2024-21307 Remote Desktop Client Remote Code Execution Vulnerability Link Information published.
CVE-2024-21313 Windows TCP/IP Information Disclosure Vulnerability Link Information published.
CVE-2024-21325 Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability Link Information published.
CVE-2024-20672 .NET Core and Visual Studio Denial of Service Vulnerability Link Information published.
CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability Link Information published.
CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability Link Information published.
CVE-2024-20652 Windows HTML Platforms Security Feature Bypass Vulnerability Link Information published.
CVE-2024-20653 Microsoft Common Log File System Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20655 Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability Link Information published.
CVE-2024-20656 Visual Studio Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20660 Microsoft Message Queuing Information Disclosure Vulnerability Link Information published.
CVE-2024-20661 Microsoft Message Queuing Denial of Service Vulnerability Link Information published.
CVE-2024-20662 Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability Link Information published.
CVE-2024-20663 Windows Message Queuing Client (MSMQC) Information Disclosure Link Information published.
CVE-2024-20664 Microsoft Message Queuing Information Disclosure Vulnerability Link Information published.
CVE-2024-21316 Windows Server Key Distribution Service Security Feature Bypass Link Information published.
CVE-2024-20681 Windows Subsystem for Linux Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20686 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20687 Microsoft AllJoyn API Denial of Service Vulnerability Link Information published.
CVE-2024-20692 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Link Information published.
CVE-2024-21306 Microsoft Bluetooth Driver Spoofing Vulnerability Link Information published.
CVE-2024-21309 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21310 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21311 Windows Cryptographic Services Information Disclosure Vulnerability Link Information published.
CVE-2024-21312 .NET Framework Denial of Service Vulnerability Link Information published.
CVE-2024-21314 Microsoft Message Queuing Information Disclosure Vulnerability Link Information published.
CVE-2024-21318 Microsoft SharePoint Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-21319 Microsoft Identity Denial of service vulnerability Link Information published.
CVE-2024-21320 Windows Themes Spoofing Vulnerability Link Information published.
CVE-2024-20674 Windows Kerberos Security Feature Bypass Vulnerability Link Information published.
ADV990001 Latest Servicing Stack Updates Link Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
CVE-2023-29356 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2023-32025 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2023-32026 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2023-32027 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2023-32028 Microsoft SQL OLE DB Remote Code Execution Vulnerability Link In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2023-29349 Microsoft ODBC and OLE DB Remote Code Execution Vulnerability Link In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
ADV190023 Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing Link With the release of the January 9, 2024 security updates, the auditing changes added in August 2023 are now available on Windows Server 2019. You do not need to install MSIs or create policies as mentioned in Step 3 of Recommended Actions.
CVE-2023-36042 Visual Studio Denial of Service Vulnerability Link In the Security Updates table, added .NET Framework 3.5 and 4.8.1 installed on all supported versions of the following: Windows 10 version 21H2, Windows 10 version 22H2, Windows Server 2022, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 23H2, and Windows Server 2022, 23H2 Edition (Server Core installation) as .NET Framework 4.8.1 is affected by this vulnerability. Microsoft recommends that customers install the January 2024 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
Chromium: CVE-2024-0222 Use after free in ANGLE Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Chromium: CVE-2024-0224 Use after free in WebAudio Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Chromium: CVE-2024-0225 Use after free in WebGPU Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability Link Added clarifying information to the mitigation. This is an informational change only.
Chromium: CVE-2023-7024 Heap buffer overflow in WebRTC Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information. Google is aware that an exploit for CVE-2023-7024 exists in the wild.
CVE-2023-21751 Azure DevOps Server Spoofing Vulnerability Link Information published. This CVE was addressed by updates that were released in December 2023, but the CVE was inadvertently omitted from the December 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Azure DevOps Server install the December 2023 updates to be protected from this vulnerability.
CVE-2023-35641 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Link Added mitigation. This is an informational change only.
ADV990001 Latest Servicing Stack Updates Link Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
CVE-2023-36696 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2023-36391 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Link Information published.
CVE-2023-36020 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Link Information published.
CVE-2023-36009 Microsoft Word Information Disclosure Vulnerability Link Information published.
CVE-2023-36011 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2023-20588 AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice Link Information published.
CVE-2023-35625 Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability Link Information published.
CVE-2023-21740 Windows Media Remote Code Execution Vulnerability Link Information published.
CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability Link Information published.
CVE-2023-36010 Microsoft Defender Denial of Service Vulnerability Link Information published.
CVE-2023-36012 DHCP Server Service Information Disclosure Vulnerability Link Information published.
CVE-2023-36003 XAML Diagnostics Elevation of Privilege Vulnerability Link Information published.
CVE-2023-36004 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability Link Information published.
CVE-2023-36005 Windows Telephony Server Elevation of Privilege Vulnerability Link Information published.
CVE-2023-36006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2023-35638 DHCP Server Service Denial of Service Vulnerability Link Information published.
CVE-2023-35639 Microsoft ODBC Driver Remote Code Execution Vulnerability Link Information published.
CVE-2023-35641 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Link Information published.
CVE-2023-35642 Internet Connection Sharing (ICS) Denial of Service Vulnerability Link Information published.
CVE-2023-35643 DHCP Server Service Information Disclosure Vulnerability Link Information published.
CVE-2023-35644 Windows Sysmain Service Elevation of Privilege Link Information published.
CVE-2023-35628 Windows MSHTML Platform Remote Code Execution Vulnerability Link Information published.
CVE-2023-35629 Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability Link Information published.
CVE-2023-35630 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Link Information published.
CVE-2023-35631 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2023-35632 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Link Information published.
CVE-2023-35633 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2023-35634 Windows Bluetooth Driver Remote Code Execution Vulnerability Link Information published.
CVE-2023-35635 Windows Kernel Denial of Service Vulnerability Link Information published.
CVE-2023-35636 Microsoft Outlook Information Disclosure Vulnerability Link Information published.
CVE-2023-35619 Microsoft Outlook for Mac Spoofing Vulnerability Link Information published.
CVE-2023-35621 Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability Link Information published.
CVE-2023-35622 Windows DNS Spoofing Vulnerability Link Information published.
CVE-2023-35624 Azure Connected Machine Agent Elevation of Privilege Vulnerability Link Information published.
CVE-2023-36796 Visual Studio Remote Code Execution Vulnerability Link Microsoft is rereleasing KB5029365 to address the following known issue: Customers who are using Microsoft Visual Studio 2013 Update 5 might receive a "C2471" error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see [KB5029365](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2013-update-5-october-10-2023-kb5029365-eb9e61cd-c7d3-4235-b268-b099d5f748dc).
CVE-2023-36794 Visual Studio Remote Code Execution Vulnerability Link Microsoft is rereleasing KB5029365 to address the following known issue: Customers who are using Microsoft Visual Studio 2013 Update 5 might receive a "C2471" error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see [KB5029365](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2013-update-5-october-10-2023-kb5029365-eb9e61cd-c7d3-4235-b268-b099d5f748dc).
CVE-2023-36793 Visual Studio Remote Code Execution Vulnerability Link Microsoft is rereleasing KB5029365 to address the following known issue: Customers who are using Microsoft Visual Studio 2013 Update 5 might receive a "C2471" error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see [KB5029365](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2013-update-5-october-10-2023-kb5029365-eb9e61cd-c7d3-4235-b268-b099d5f748dc).
CVE-2023-36792 Visual Studio Remote Code Execution Vulnerability Link Microsoft is rereleasing KB5029365 to address the following known issue: Customers who are using Microsoft Visual Studio 2013 Update 5 might receive a "C2471" error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see [KB5029365](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2013-update-5-october-10-2023-kb5029365-eb9e61cd-c7d3-4235-b268-b099d5f748dc).
Chromium: CVE-2023-6508 Use after free in Media Stream Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Chromium: CVE-2023-6509 Use after free in Side Panel Search Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Chromium: CVE-2023-6510 Use after free in Media Capture Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Chromium: CVE-2023-6511 Inappropriate implementation in Autofill Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
CVE-2023-35618 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Link Information published.
CVE-2023-38174 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Link Information published.
CVE-2023-36880 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Link Information published.
CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability Link Updated FAQ information. This is an informational change only.