Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Role: Windows Hyper-V#Security Vulnerability
CVE-2024-38072: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?** An attacker could impact availability of the service resulting in Denial of Service (DoS).

CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2024-38077: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

**How would an attacker exploit this vulnerability?** An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message which could allow remote code execution.

CVE-2024-38062: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38100: Windows File Explorer Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2024-38022: Windows Image Acquisition Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-38013: Microsoft Windows Server Backup Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker would be able to delete any system files.

New APT Group "CloudSorcerer" Targets Russian Government Entities

A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed

ResidenceCMS 2.10.1 Cross Site Scripting

ResidenceCMS versions 2.10.1 and below suffer from a persistent cross site scripting vulnerability.