| CVE-2024-32002 CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution |
Link |
Information published. |
| CVE-2024-29996 Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29997 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-29998 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-29999 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30000 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30001 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30002 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30003 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30004 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30005 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30007 Microsoft Brokering File System Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30008 Windows DWM Core Library Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30010 Windows Hyper-V Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30011 Windows Hyper-V Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30012 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30014 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30015 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30016 Windows Cryptographic Services Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30017 Windows Hyper-V Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30018 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30019 DHCP Server Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30020 Windows Cryptographic Services Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30021 Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30022 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30023 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability |
Link |
Information published. |
| CVE-2024-30059 Microsoft Intune for Android Mobile Application Management Tampering Vulnerability |
Link |
Information published. |
| CVE-2024-26238 Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29994 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30024 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30025 Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30027 NTFS Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30028 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30029 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30030 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30031 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30032 Windows DWM Core Library Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30033 Windows Search Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30034 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30035 Windows DWM Core Library Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30036 Windows Deployment Services Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30038 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30039 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30042 Microsoft Excel Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30043 Microsoft SharePoint Server Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-30046 Visual Studio Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30048 Dynamics 365 Customer Insights Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-30049 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-32004 GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories |
Link |
Information published. |
| CVE-2024-30054 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
Link |
Information published. |
| Chromium: CVE-2024-4761 Out of bounds write in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Google is aware that an exploit for CVE-2024-4761 exists in the wild. |
| CVE-2024-28902 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| CVE-2024-23593 Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges |
Link |
Updated CVE title and CVSS scores per request from CNA (Lenovo). This is an informational change only. |
| CVE-2024-26207 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| CVE-2024-26211 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| CVE-2024-26217 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| CVE-2024-28900 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024. |
| Chromium: CVE-2024-4671 Use after free in Visuals |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Google is aware that an exploit for CVE-2024-4671 exists in the wild. |
| Chromium: CVE-2024-4558 Use after free in ANGLE |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-29059 .NET Framework Information Disclosure Vulnerability |
Link |
The following corrections have been made in the Security Updates table: 1) Removed .NET Framework 3.5 and 4.7.2 on Windows 10 version 1809 for ARM-based systems, .NET Framework 3.5 and 4.7/4.7.1/4.7.2 on Windows 10 version 1607 as these versions are not affected by this vulnerability. 2) Added .NET Framework 3.5 & 4.8 on Windows 10 version 1809 and Windows Server 2019, .NET Framework 3.5 and 4.7.2 on Windows 10 version 1607. Customers whose systems are configured to receive automatic updates do not need to take any further action. 3) Corrected Download and Article links. |
| CVE-2023-24948 Windows Bluetooth Driver Elevation of Privilege Vulnerability |
Link |
Added an acknowledgement. This is an informational change only. |
| Chromium: CVE-2024-4331 Use after free in Picture In Picture |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4368 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4058 Type Confusion in ANGLE |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4060 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-4059 Out of bounds read in V8 API |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-26198 Microsoft Exchange Server Remote Code Execution Vulnerability |
Link |
Microsoft is announcing the release of a new version of the Microsoft Exchange Server updates to address all known issues that were identified in the March 2024 Security Updates. Microsoft strongly recommends installing these new updates to address the vulnerability identified by CVE-2024-26198. |
| CVE-2024-29991 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-21409 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
Link |
Added an FAQ to indicate that for .NET 7.0 and .NET 8.0., Windows is the only operating system affected by this vulnerability. For more information see [Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability](https://github.com/dotnet/announcements/issues/303). This is an informational change only. |
| CVE-2024-28906 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28908 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28909 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28910 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28911 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28912 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28913 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28914 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28915 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28929 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28931 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28932 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28936 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28939 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28942 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28945 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29043 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29045 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29047 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| Chromium: CVE-2024-3832 Object corruption in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3914 Use after free in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3833 Object corruption in WebAssembly |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3834 Use after free in Downloads |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3837 Use after free in QUIC |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3838 Inappropriate implementation in Autofill |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3839 Out of bounds read in Fonts |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3840 Insufficient policy enforcement in Site Isolation |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3844 Inappropriate implementation in Extensions |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3841 Insufficient data validation in Browser Switcher |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3845 Inappropriate implementation in Network |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3843 Insufficient data validation in Downloads |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3847 Insufficient policy enforcement in WebUI |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3846 Inappropriate implementation in Prompts |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-28926 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28927 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28930 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28933 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28934 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28935 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28937 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28938 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28940 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28941 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28943 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-28944 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29044 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29046 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29048 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29982 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29983 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29984 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29985 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
Link |
Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only. |
| CVE-2024-29987 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-29986 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26257 Microsoft Excel Remote Code Execution Vulnerability |
Link |
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links. |
| Chromium: CVE-2024-3157 Out of bounds write in Compositing |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3515 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3516 Heap buffer overflow in ANGLE |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2022-0001 Intel: CVE-2022-0001 Branch History Injection |
Link |
Updated CWE value. This is an informational change only. |
| CVE-2024-21322 Microsoft Defender for IoT Remote Code Execution Vulnerability |
Link |
Added FAQ information. This is an informational change only. |
| CVE-2024-21323 Microsoft Defender for IoT Remote Code Execution Vulnerability |
Link |
Added an FAQ. This is an information change only. |
| CVE-2024-21324 Microsoft Defender for IoT Elevation of Privilege Vulnerability |
Link |
Added an FAQ. This is an information change only. |
| CVE-2024-26234 Proxy Driver Spoofing Vulnerability |
Link |
Added acknowledgements. This is an informational change only. |
| CVE-2024-29053 Microsoft Defender for IoT Remote Code Execution Vulnerability |
Link |
Added an FAQ. This is an information change only. |
| CVE-2024-29055 Microsoft Defender for IoT Elevation of Privilege Vulnerability |
Link |
Added an FAQ. This is an information change only. |
| CVE-2024-29054 Microsoft Defender for IoT Elevation of Privilege Vulnerability |
Link |
Added an FAQ. This is an information change only. |
| CVE-2024-26193 Azure Migrate Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-20688 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-20693 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-20669 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-20665 BitLocker Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-20678 Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21424 Azure Compute Gallery Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21447 Windows Authentication Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26250 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26252 Windows rndismp6.sys Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26253 Windows rndismp6.sys Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26254 Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-26255 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26256 libarchive Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26172 Windows DWM Core Library Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26179 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26200 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26205 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26158 Microsoft Install Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26232 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-28920 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28922 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28921 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28919 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28923 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28896 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28898 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28901 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-28902 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-28903 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28905 Microsoft Brokering File System Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29050 Windows Cryptographic Services Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-29063 Azure AI Search Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-29064 Windows Hyper-V Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-29066 Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-20685 Azure Private 5G Core Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-23593 Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell |
Link |
Information published. |
| CVE-2024-23594 Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager |
Link |
Corrected CVE title. This is an informational change only. |
| CVE-2024-29988 SmartScreen Prompt Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-29990 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
Link |
Information published. |
| ADV990001 Latest Servicing Stack Updates |
Link |
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details. |
| CVE-2024-20689 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26168 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26171 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26175 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26180 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26183 Windows Kerberos Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-26189 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26194 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26195 DHCP Server Service Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26202 DHCP Server Service Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26209 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26218 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26219 HTTP.sys Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-26220 Windows Mobile Hotspot Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26221 Windows DNS Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26222 Windows DNS Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26223 Windows DNS Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26224 Windows DNS Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26227 Windows DNS Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26231 Windows DNS Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26233 Windows DNS Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26241 Win32k Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26243 Windows USB Print Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26248 Windows Kerberos Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26210 Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26229 Windows CSC Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26235 Windows Update Stack Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26236 Windows Update Stack Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26237 Windows Defender Credential Guard Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26242 Windows Telephony Server Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26244 Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26245 Windows SMB Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26207 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26208 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26211 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26212 DHCP Server Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-26213 Microsoft Brokering File System Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26214 Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26215 DHCP Server Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-26216 Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26217 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26226 Windows Distributed File System (DFS) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26228 Windows Cryptographic Services Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26230 Windows Telephony Server Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26239 Windows Telephony Server Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26240 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26251 Microsoft SharePoint Server Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-28924 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28925 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28897 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-28900 Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-28904 Microsoft Brokering File System Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-28907 Microsoft Brokering File System Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-28917 Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29052 Windows Storage Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29056 Windows Authentication Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29061 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-29062 Secure Boot Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-20670 Outlook for Windows Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-29989 Azure Monitor Agent Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29992 Azure Identity Library for .NET Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-29993 Azure CycleCloud Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-29981 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| Chromium: CVE-2024-3156 Inappropriate implementation in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3158 Use after free in Bookmarks |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-3159 Out of bounds memory access in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-29049 Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
Link |
Information published. |
| Chromium: CVE-2024-2883 Use after free in ANGLE |
Link |
Removed the sentence regarding active attacks because Google was not aware of active attacks using this vulnerability. This is an informational change only. |
| Chromium: CVE-2024-2883 Use after free in ANGLE |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware that an exploit for CVE-2024-2883 exists in the wild. |
| Chromium: CVE-2024-2885 Use after free in Dawn |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-2886 Use after free in WebCodecs |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-2887 Type Confusion in WebAssembly |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-29059 .NET Framework Information Disclosure Vulnerability |
Link |
Information published. This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates. This is an informational change only. Customers who have already installed the January 2024 updates do not need to take any further action. |
| CVE-2024-28916 Xbox Gaming Services Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26247 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-29057 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| Chromium: CVE-2024-2625 Object lifecycle issue in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-2626 Out of bounds read in Swiftshader |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-2627 Use after free in Canvas |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-2628 Inappropriate implementation in Downloads |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-2629 Incorrect security UI in iOS |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-2630 Inappropriate implementation in iOS |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-2631 Inappropriate implementation in iOS |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability |
Link |
The security update 1.38 for Azure Connected Machine Agent is now available. See the Security Updates table for more information. |
| CVE-2024-26163 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
Link |
In the Security Updates table, added Microsoft Edge (Chromium-based) Extended Stable because this versions of Microsoft Edge (Chromium-based) is also affected by this vulnerability. Microsoft strongly recommends that customers running Microsoft Edge (Chromium-based) install the updates to be fully protected from the vulnerability. |
| CVE-2024-26246 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
Link |
Updated CVE Tag. This is an informational change only. |
| Chromium: CVE-2024-2400 Use after free in Performance Manager |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-26201 Microsoft Intune Linux Agent Elevation of Privilege Vulnerability |
Link |
Updated the build numbers. This is an informational update only. |
| CVE-2024-26167 Microsoft Edge for Android Spoofing Vulnerability |
Link |
The security update 122.0.2365.92 for Edge for Android is now available. See the Security Updates table for more information. |
| CVE-2024-26163 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-26246 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
Link |
Information published. |
| ADV990001 Latest Servicing Stack Updates |
Link |
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details. |
| CVE-2024-20671 Microsoft Defender Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-21392 .NET and Visual Studio Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-21411 Skype for Consumer Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21418 Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21421 Azure SDK Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-21426 Microsoft SharePoint Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21429 Windows USB Hub Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21430 Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21438 Microsoft AllJoyn API Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-21439 Windows Telephony Server Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21441 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21442 Windows USB Print Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21443 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21444 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21445 Windows USB Print Driver Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21446 NTFS Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21450 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21451 Microsoft ODBC Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26197 Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-26159 Microsoft ODBC Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26190 Microsoft QUIC Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-26198 Microsoft Exchange Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26199 Microsoft Office Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26201 Microsoft Intune Linux Agent Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26203 Azure Data Studio Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26161 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26164 Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21334 Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21390 Microsoft Authenticator Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21400 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21407 Windows Hyper-V Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21408 Windows Hyper-V Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-21419 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Link |
Information published. |
| CVE-2024-21427 Windows Kerberos Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-21431 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
Link |
Information published. |
| CVE-2024-21432 Windows Update Stack Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21433 Windows Print Spooler Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21434 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21435 Windows OLE Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21436 Windows Installer Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21437 Windows Graphics Component Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-21440 Microsoft ODBC Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-21448 Microsoft Teams for Android Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26160 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26162 Microsoft ODBC Driver Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26166 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Link |
Information published. |
| CVE-2024-26169 Windows Error Reporting Service Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26170 Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26173 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26174 Windows Kernel Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26176 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26177 Windows Kernel Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26178 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26181 Windows Kernel Denial of Service Vulnerability |
Link |
Information published. |
| CVE-2024-26182 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2024-26185 Windows Compressed Folder Tampering Vulnerability |
Link |
Information published. |
| CVE-2023-28746 Intel: CVE-2023-28746 Register File Data Sampling (RFDS) |
Link |
This CVE was assigned by Intel. Please see [CVE-2023-28746](https://www.cve.org/CVERecord?id=CVE-2023-28746) on CVE.org for more information. |
| CVE-2024-26204 Outlook for Android Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26165 Visual Studio Code Elevation of Privilege Vulnerability |
Link |
Information published. |
| CVE-2023-36866 Microsoft Office Visio Remote Code Execution Vulnerability |
Link |
In the Security Updates table added Microsoft Visio 2016 (32-bit edition) and Microsoft Visio 2016 (64-bit edition) as these versions of Visio are also affected by the vulnerability. Microsoft strongly recommends that customers running any of these versions of Visio install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. |
| CVE-2023-35372 Microsoft Office Visio Remote Code Execution Vulnerability |
Link |
In the Security Updates table added Microsoft Visio 2016 (32-bit edition) and Microsoft Visio 2016 (64-bit edition) as these versions of Visio are also affected by the vulnerability. Microsoft strongly recommends that customers running any of these versions of Visio install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. |
| CVE-2024-26167 Microsoft Edge for Android Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-2173 |
Link |
CVE-2024-2173 |
| CVE-2024-2174 |
Link |
CVE-2024-2174 |
| CVE-2024-2176 |
Link |
CVE-2024-2176 |
| CVE-2024-21378 Microsoft Outlook Remote Code Execution Vulnerability |
Link |
Updated FAQs and updated the CVSS score. These are informational changes only. |
| CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability |
Link |
Updated FAQ information. This is an informational change only. |
| Chromium: CVE-2024-1938 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-1939 Type Confusion in V8 |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-26196 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability |
Link |
Updated the Exploitability Index to 0 - Exploitation Detected and **Exploited** to Yes. This is an informational change only. |
| CVE-2024-21626 GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds |
Link |
Microsoft is announcing that the Azure Kubernetes Service security updates released on 31 January 2024 include runc updates, which addresses this vulnerability. Microsoft recommends that customers install the 31 January 2024 updates to ensure they have the most up-to-date version of Azure Kubernetes Service. |
| CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability |
Link |
Updated the Executive Summary with information that the ability to insert FBX files has also been disabled in 3D Viewer as of February 13, 2024. This is an informational change only. |
| CVE-2024-21307 Remote Desktop Client Remote Code Execution Vulnerability |
Link |
Added acknowledgements. This is an informational change only. |
| Chromium: CVE-2024-1669 Out of bounds memory access in Blink |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-1670 Use after free in Mojo |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-1671 Inappropriate implementation in Site Isolation |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-1672 Inappropriate implementation in Content Security Policy |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-1673 Use after free in Accessibility |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-1674 Inappropriate implementation in Navigation |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-1675 Insufficient policy enforcement in Download |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| Chromium: CVE-2024-1676 Inappropriate implementation in Navigation |
Link |
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. |
| CVE-2024-21423 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-26188 Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Link |
Information published. |
| CVE-2024-26192 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
Link |
Information published. |
| CVE-2024-21315 Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability |
Link |
Information published. This CVE was addressed by updates that were released in November 2023, but the CVE was inadvertently omitted from the November 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Defender for Endpoint Protection install the November 2023 updates to be protected from this vulnerability. |
| CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability |
Link |
Added clarifying information to the mitigation. This is an informational change only. |
| CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability |
Link |
In the Security Updates table, removed the Article and Download links because the update is not available for Azure Connected Machine Agent. Customers will be notified via a revision to this CVE information when the update becomes available. |
| CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability |
Link |
Updated FAQ information. This is an informational change only. |
| CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
Link |
Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only. |
| CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability |
Link |
Mistakenly updated exploited flag and exploitability assessment to indicate exploitation existed. Reverting values to no. This is an informational change only. |
| CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability |
Link |
Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only. |
| CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability |
Link |
Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only. |