Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2024-49093: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows Resilient File System (ReFS)#Security Vulnerability
CVE-2024-49103: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

CVE-2024-49102: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

CVE-2024-49101: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-49120: Windows Remote Desktop Services Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-49119: Windows Remote Desktop Services Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-49117: Windows Hyper-V Remote Code Execution Vulnerability

**How would an attacker exploit this vulnerability?** This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.

CVE-2024-49111: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an attacker needs physical access to the victim's machine.

CVE-2024-49108: Windows Remote Desktop Services Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-49107: WmsRepair Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker would be able to delete any system files.