| CVE-2024-30105 .NET Core and Visual Studio Denial of Service Vulnerability |
Link |
Revised the Security Updates table to include PowerShell 7.4 because this version of PowerShell 7 is affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/65](https://github.com/PowerShell/Announcements/issues/65) for more information. |
| CVE-2024-38081 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
Link |
In the Security Updates table, made the following corrections: 1) Added .NET 6.0 as it is affected by this vulnerability. 2) Removed .NET 8.0 as it is not affected by this vulnerability. 3) Corrected Download and Article links for .NET 3.5 and 4.7.2 installed on Windows 10 Version 1809 for 32-bit Systems. |
| CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability |
Link |
Revised the Security Updates table to include PowerShell 7.4 and 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/64](https://github.com/PowerShell/Announcements/issues/64) for more information. |
| CVE-2024-39379 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Link |
Information published. |
| Chromium: CVE-2024-6988 Use after free in Downloads |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6989 Use after free in Loader |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6999 Inappropriate implementation in FedCM |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6998 Use after free in User Education |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6996 Race in Frames |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6997 Use after free in Tabs |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6994 Heap buffer overflow in Layout |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6993 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6995 Inappropriate implementation in Fullscreen |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6992 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6991 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-7003 Inappropriate implementation in FedCM |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-7001 Inappropriate implementation in HTML |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-7000 Use after free in CSS |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-38103 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-38176 GroupMe Elevation of Privilege Vulnerability |
Link |
An improper restriction of excessive authentication attempts in [GroupMe](https://groupme.com/) allows a unauthenticated attacker to elevate privileges over a network. |
| CVE-2024-38164 GroupMe Elevation of Privilege Vulnerability |
Link |
An improper access control vulnerability in [GroupMe](https://groupme.com/) allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. |
| CVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability |
Link |
The information in the workaround section was updated. This an informational change only. |
| CVE-2024-20652 Windows HTML Platforms Security Feature Bypass Vulnerability |
Link |
Updated one or more CVSS scores for the affected products. This is an informational change only. |
| CVE-2024-21377 Windows DNS Information Disclosure Vulnerability |
Link |
Updated one or more CVSS scores for the affected products. This is an informational change only. |
| CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability |
Link |
Added acknowledgements. This is an informational change only. |
| Chromium: CVE-2024-6779 Out of bounds memory access in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6773 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6772 Inappropriate implementation in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6775 Use after free in Media Stream |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6776 Use after free in Audio |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6778 Race in DevTools |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6777 Use after free in Navigation |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6774 Use after free in Screen Capture |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-38156 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-32987 Microsoft SharePoint Server Information Disclosure Vulnerability |
Link |
Added acknowledgements. This is an informational change only. |
| CVE-2024-6387 RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling |
Link |
Updated FAQ information. This is an informational change only. |
| CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability |
Link |
Updated CWE value. This is an informational change only. |
| CVE-2024-6387 RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling |
Link |
Information published. |
| CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability |
Link |
Added FAQ to explain how this vulnerability is being addressed and further actions customers must take to be protected from it. This is an informational change only. |
| CVE-2024-38021 Microsoft Outlook Remote Code Execution Vulnerability |
Link |
Corrected CVE title. This is an informational change only. |
| CVE-2024-30061 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-21417 Windows Text Services Framework Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-28899 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-30081 Windows NTLM Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-35270 Windows iSCSI Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38088 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38087 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21332 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21333 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21335 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21373 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21398 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21414 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21415 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21428 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37318 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37332 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37331 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37969 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37970 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37974 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37981 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37985 Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers |
Link |
Information published. |
| CVE-2024-37986 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37987 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-38013 Microsoft Windows Server Backup Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38015 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38022 Windows Image Acquisition Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38023 Microsoft SharePoint Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38024 Microsoft SharePoint Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38025 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38034 Windows Filtering Platform Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38041 Windows Kernel Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-38043 PowerShell Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38517 Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38051 Windows Graphics Component Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38054 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38055 Microsoft Windows Codecs Library Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-38056 Microsoft Windows Codecs Library Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-38059 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38060 Windows Imaging Component Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38062 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38064 Windows TCP/IP Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-38071 Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38072 Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38077 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38085 Windows Graphics Component Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38086 Azure Kinect SDK Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38091 Microsoft WS-Discovery Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38100 Windows File Explorer Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38102 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38104 Windows Fax Service Remote Code Execution Vulnerability |
Link |
Information published. |
| ADV990001 Latest Servicing Stack Updates |
Link |
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details. |
| CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-26184 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-30013 Windows MultiPoint Services Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-32987 Microsoft SharePoint Server Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30071 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30079 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-3596 CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30105 .NET Core and Visual Studio Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-35261 Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-35271 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-35272 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-20701 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21303 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21308 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21317 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21331 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21425 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37319 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37320 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37321 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37322 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37323 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37324 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21449 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37326 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37327 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37328 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37329 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37330 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37334 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37333 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37336 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-28928 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-35256 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-37971 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37972 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37973 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37975 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37977 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37978 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37984 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37988 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-37989 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-38010 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-38011 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-38017 Microsoft Message Queuing Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-38019 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38020 Microsoft Outlook Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-38021 Microsoft Office Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38027 Windows Line Printer Daemon Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38028 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38030 Windows Themes Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-38031 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38032 Microsoft Xbox Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38033 PowerShell Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38044 DHCP Server Service Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38047 PowerShell Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38048 Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38049 Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38050 Windows Workstation Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38052 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38053 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38057 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38058 BitLocker Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-38065 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-38066 Windows Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38067 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38068 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38069 Windows Enroll Engine Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-38070 Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-38073 Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38074 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38076 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38078 Xbox Wireless Adapter Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38079 Windows Graphics Component Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38081 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38089 Microsoft Defender for IoT Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38092 Azure CycleCloud Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-38094 Microsoft SharePoint Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38099 Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38101 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-38105 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-39684 Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability |
Link |
Updated the Security Updates table to include the July 9, 2024 updates. These updates include support for opting into an updated Secure Version Number to block older boot managers. |
| CVE-2023-38545 Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow |
Link |
Microsoft is announcing that the security updates for the following supported versions of Microsoft Office include curl 8.4.0, which addresses this vulnerability: Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, and Microsoft Office 2019. |
| CVE-2022-44684 Windows Local Session Manager (LSM) Denial of Service Vulnerability |
Link |
In the Security Updates table, added Windows Server 2022, 23H2 Edition (Server Core installation) as it also affected by this vulnerability. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. |
| CVE-2024-35260 Microsoft Dataverse Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-6290 |
Link |
CVE-2024-6290 |
| CVE-2024-6293 |
Link |
CVE-2024-6293 |
| CVE-2024-6292 |
Link |
CVE-2024-6292 |
| CVE-2024-6291 |
Link |
CVE-2024-6291 |
| CVE-2024-34122 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-38082 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Updated CWE value. This is an informational change only. |
| CVE-2024-21345 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-26218 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-26235 Windows Update Stack Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-26236 Windows Update Stack Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-26213 Microsoft Brokering File System Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2023-38146 Windows Themes Remote Code Execution Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-38082 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Updated the severity of the products in the Security Updates table. This is an informational change only. |
| CVE-2022-26832 .NET Framework Denial of Service Vulnerability |
Link |
Updated the build numbers. This is an informational update only. |
| Chromium: CVE-2024-6103: Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6102: Out of bounds memory access in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6101: Inappropriate implementation in WebAssembly |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-6100 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-38093 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-38082 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability |
Link |
Revised the Security Updates table to include PowerShell 7.4 because this version of PowerShell 7 is affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/77](https://github.com/PowerShell/Announcements/issues/62) for more information. |
| CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Link |
Updated one or more CVSS scores for the affected products. This is an informational change only. |
| Chromium: CVE-2024-5841 Use after free in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5837 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5833 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5834 Inappropriate implementation in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5843 Inappropriate implementation in Downloads |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5831 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5840 Policy Bypass in CORS |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5842 Use after free in Browser UI |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5838 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5832 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5830 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
Link |
Corrected Fixed Build Number and Download links in the Security Updates table. This is an informational change only. |
| CVE-2024-30058 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30057 Microsoft Edge for iOS Spoofing Vulnerability |
Link |
Information published. |
| Chromium: CVE-2024-5846 Use after free in PDFium |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5847 Use after free in PDFium |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5845 Use after free in Audio |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-38083 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
Link |
Added an FAQ. This is an information change only. |
| CVE-2024-30069 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30070 DHCP Server Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30072 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30074 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30075 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30076 Windows Container Manager Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30077 Windows OLE Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30078 Windows Wi-Fi Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30080 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30082 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-35250 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
Link |
In the Security Updates table, removed Microsoft Authentication Library (MSAL) for Python as it is not affected by CVE-2024-35255. |
| CVE-2023-50868 MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU |
Link |
Information published. |
| CVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM |
Link |
Information published. |
| CVE-2024-29060 Visual Studio Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30062 Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30063 Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30064 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30065 Windows Themes Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30066 Winlogon Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30067 Winlogon Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30068 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30084 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-30085 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-30087 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30088 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30089 Microsoft Streaming Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30090 Microsoft Streaming Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30091 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30093 Windows Storage Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30094 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30095 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30096 Windows Cryptographic Services Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30097 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30099 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30100 Microsoft SharePoint Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30101 Microsoft Office Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30102 Microsoft Office Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30103 Microsoft Outlook Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30104 Microsoft Office Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-35248 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-35249 Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-35252 Azure Storage Movement Client Library Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-35253 Microsoft Azure File Sync Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-35254 Azure Monitor Agent Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-35263 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-35265 Windows Perception Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30052 Visual Studio Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-35250 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30084 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30085 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
Link |
Information published. |
| Chromium: CVE-2024-5498 Use after free in Presentation API |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5499 Out of bounds write in Streams API |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5495 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5496 Use after free in Media Session |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5494 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5159 Heap buffer overflow in ANGLE |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5157 Use after free in Scheduling |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5158 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-5274 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Google is aware that an exploit for CVE-2024-5274 exists in the wild. |
| Chromium: CVE-2024-5160 Heap buffer overflow in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-30060 Azure Monitor Agent Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Removed one of the FAQs. This is an information change only. |
| CVE-2024-30017 Windows Hyper-V Remote Code Execution Vulnerability |
Link |
Updated FAQ information. This is an informational change only. |
| CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability |
Link |
Added an FAQ and updated the CVSS score. This is an informational change only. |
| CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability |
Link |
Updated FAQ information. This is an informational change only. |
| CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Updated CWE value. This is an informational change only. |
| CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability |
Link |
Updated the build numbers. This is an informational update only. |
| CVE-2024-30046 Visual Studio Denial of Service Vulnerability |
Link |
The following corrctions have been made: 1) Revised the Security Updates table to include .NET 7.0 and .NET 8.0 because these versions of .NET are affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. 2) Updated title to include .NET. This is an informational change only. |
| CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability |
Link |
Updated acknowledgment. This is an informational change only. |
| CVE-2024-32002 CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution |
Link |
Information published. |
| CVE-2024-29996 Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29997 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-29998 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-29999 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30000 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30001 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30002 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30003 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30004 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30005 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30007 Microsoft Brokering File System Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30008 Windows DWM Core Library Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30010 Windows Hyper-V Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30011 Windows Hyper-V Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30012 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30014 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30015 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30016 Windows Cryptographic Services Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30017 Windows Hyper-V Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30018 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30019 DHCP Server Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30020 Windows Cryptographic Services Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30021 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30022 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30023 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability |
Link |
Information published. |
| CVE-2024-30059 Microsoft Intune for Android Mobile Application Management Tampering Vulnerability |
Link |
Information published. |
| CVE-2024-26238 Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29994 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30024 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30025 Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30027 NTFS Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30028 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30029 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30030 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30031 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30032 Windows DWM Core Library Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30033 Windows Search Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30034 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30035 Windows DWM Core Library Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30036 Windows Deployment Services Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30038 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30039 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30042 Microsoft Excel Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30043 Microsoft SharePoint Server Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30046 Visual Studio Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30048 Dynamics 365 Customer Insights Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30049 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-32004 GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories |
Link |
Information published. |
| CVE-2024-30054 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
Link |
Information published. |
| Chromium: CVE-2024-4761 Out of bounds write in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Google is aware that an exploit for CVE-2024-4761 exists in the wild. |
| CVE-2024-28902 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| CVE-2024-23593 Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges |
Link |
Updated CVE title and CVSS scores per request from CNA (Lenovo). This is an informational change only. |
| CVE-2024-26207 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| CVE-2024-26211 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| CVE-2024-26217 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| CVE-2024-28900 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| Chromium: CVE-2024-4671 Use after free in Visuals |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Google is aware that an exploit for CVE-2024-4671 exists in the wild. |
| Chromium: CVE-2024-4558 Use after free in ANGLE |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-29059 .NET Framework Information Disclosure Vulnerability |
Link |
The following corrections have been made in the Security Updates table: 1) Removed .NET Framework 3.5 and 4.7.2 on Windows 10 version 1809 for ARM-based systems, .NET Framework 3.5 and 4.7/4.7.1/4.7.2 on Windows 10 version 1607 as these versions are not affected by this vulnerability. 2) Added .NET Framework 3.5 & 4.8 on Windows 10 version 1809 and Windows Server 2019, .NET Framework 3.5 and 4.7.2 on Windows 10 version 1607. Customers whose systems are configured to receive automatic updates do not need to take any further action. 3) Corrected Download and Article links. |
| CVE-2023-24948 Windows Bluetooth Driver Elevation of Privilege Vulnerability |
Link |
Added an acknowledgement. This is an informational change only. |
| Chromium: CVE-2024-4331 Use after free in Picture In Picture |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4368 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4058 Type Confusion in ANGLE |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4060 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4059 Out of bounds read in V8 API |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |