Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2024-21419: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.

Microsoft Security Response Center
#xss#vulnerability#web#mac#microsoft#Microsoft Dynamics#Security Vulnerability
CVE-2024-21407: Windows Hyper-V Remote Code Execution Vulnerability

**How would an attacker exploit this vulnerability?** This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.

CVE-2024-21334: Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** A remote unauthenticated attacker could access the OMI instance from the Internet and send specially crafted requests to trigger a use-after-free vulnerability.

CVE-2024-21433: Windows Print Spooler Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-21427: Windows Kerberos Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** The authentication feature could be bypassed as this vulnerability allows impersonation.

CVE-2024-21444: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2024-21443: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-26203: Azure Data Studio Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker would gain the rights of the user that is running the affected application.

CVE-2024-26201: Microsoft Intune Linux Agent Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of the vulnerability requires a user to modify a custom compliance script on the device after it is written to temporary storage and before execution of the script finishes.

CVE-2024-21446: NTFS Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.