Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2024-37331: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.

Microsoft Security Response Center
Open in Source
#sql#vulnerability#rce#auth#SQL Server#Security Vulnerability
CVE-2024-37985: Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2024-37981: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-37974: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An unauthenticated attacker with LAN access could exploit this vulnerability.

CVE-2024-37970: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An unauthenticated attacker with LAN access could exploit this vulnerability.

CVE-2024-38013: Microsoft Windows Server Backup Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker would be able to delete any system files.

CVE-2024-37987: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-38095: .NET and Visual Studio Denial of Service Vulnerability

**.NET 6.0 was added to the Security Updates table on October 8, 2024 because it is also affected by this vulnerability. Why are the Download and Article links missing for .NET 6.0?** HTTP/3 support was only experimental in .NET 6.0. If you are using .NET 6 you must update your application to .NET 8 to be protected. Experimental features will not be patched if a later runtime includes the feature as non-experimental..

CVE-2024-6293: CVE-2024-6293

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127

CVE-2024-6292: CVE-2024-6292

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127