Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2024-43631: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows Secure Kernel Mode#Security Vulnerability
CVE-2024-43602: Azure CycleCloud Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.

CVE-2024-43530: Windows Update Stack Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-43598: LightGBM Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-49042: Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** An attacker with the administrator role of "azure\_pg\_admin" in the target environment could exploit this vulnerability to gain the same privileges as a SuperUser by sending a specially crafted request to an Azure Database for PostgreSQL Flexible Server with specific non-default functionality enabled.

CVE-2024-43613: Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploits this vulnerability would gain the same privileges as the SuperUser role.

CVE-2024-10827: Chromium: CVE-2024-10827 Use after free in Serial

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.80 11/07/2024 130.0.6723.117

CVE-2024-10826: Chromium: CVE-2024-10826 Use after free in Family Experiences

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.80 11/07/2024 130.0.6723.117

CVE-2024-10488: Chromium: CVE-2024-10488 Use after free in WebRTC

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92

CVE-2024-10487: Chromium: CVE-2024-10487: Out of bounds write in Dawn

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92