Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Using ChatGPT to Deobfuscate Malicious Scripts

Published: 2024-03-13

Last Updated: 2024-03-13 08:26:17 UTC

by Xavier Mertens (Version: 1)

Today, most of the malicious scripts in the wild are heavily obfuscated. Obfuscation is key to slowing down the security analyst's job and to bypassing simple security controls. There are many techniques available. Most of the time, your trained eyes can spot them in a few seconds, but it remains a pain to process them manually. How to handle them? For some of them, you have tools like numbers-to-strings.py, developed by Didier, to convert classic encodings back to strings. Sometimes, you can write your own script (time-consuming) or use a CyberChef recipe. To speed up the analysis, why not ask AI tools for some help? Let's see a practical example with ChatGPT.

Yesterday, I found a malicious Python script ... with a low VirusTotal score of 2/61. When I had a look at it, it was obfuscated with the following techniques. All interesting strings were hex-encoded, compressed and Base64-encoded ...

Read the full entry: https://isc.sans.edu/diary/Using+ChatGPT+to+Deobfuscate+Malicious+Scripts/30740/

Microsoft Patch Tuesday - March 2024

Published: 2024-03-12

Last Updated: 2024-03-12 17:53:50 UTC

by Johannes Ullrich (Version: 1)

This month's patches are oddly "light". We have patches for 60 vulnerabilities and 4 Chromium patches affecting Microsoft Edge. But only two of the vulnerabilities are rated as "Critical":

CVE-2024-21408: Windows Hyper-V Denial of Service Vulnerability

CVE-2024-21407: Windows Hyper-V Remote Code Execution Vulnerability

Oddly, Microsoft considers a DoS vulnerability "critical". However, a DoS against Hyper-V could have a significant impact, which may justify the rating. The code execution vulnerability justifies a rating of critical. However, exploitation requires an attacker to first gain a foothold inside a virtual machine.

Other vulnerabilities of interest:

CVE-2024-26198: A remote code execution vulnerability for Exchange Server. This is a DLL loading issue that is typically more difficult to exploit. Authentication is required to exploit the vulnerability.

Overall, this Patch Tuesday doesn't look too bad. Follow your normal patch management process. There is no need to get all worked up; tomorrow morning: Have some coffee, test... and later deploy once the tests are completed successfully.

Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2024/30736/

What happens when you accidentally leak your AWS API keys? [Guest Diary]

Published: 2024-03-10

Last Updated: 2024-03-11 01:12:57 UTC

by Guy Bruneau (Version: 1)

[This is a Guest Diary by Noah Pack, an ISC intern as part of the SANS.edu BACS program]

As a college freshman taking my first computer science class, I wanted to create a personal project that would test my abilities and maybe have some sort of return. I saw a video online of someone who created a Python script that emailed colleges asking for free swag to be shipped to him. I liked the idea and adapted it. I created a script that emailed companies and asked for free swag, knowing that most conferences that year had been canceled due to the COVID-19 pandemic. I wrote my script, made a new email account for the script to use, created a list of ten companies it would email, and it worked flawlessly. To celebrate my achievement, I uploaded my code to GitHub. The next thing I knew, I was getting login attempts to the email address I set up for my script to use. I had hardcoded the email address and password into my code, and my computer science class didn’t teach us safe programming practices.

My situation had no ill consequences, but it could have if I had used my actual email for the script or if my project was bigger and I had used AWS or another cloud provider and hardcoded those credentials. In a later class I did learn how to safely pass credentials to my scripts without fear of leaking them on GitHub, but leaked credentials remained on my mind. This led me to the question “What happens when you leak your AWS API keys?”

In this article, I will share some research, resources, and real-world data related to leaked AWS API keys. I won’t get into scenarios where credentials are stored properly but stolen via a vulnerability, only where a developer or other AWS user hardcodes their credentials into a GitHub repository or a website.

Read the full entry: https://isc.sans.edu/diary/What+happens+when+you+accidentally+leak+your+AWS+API+keys+Guest+Diary/30730/1

Internet Storm Center Entries


MacOS Patches (and Safari, TVOS, VisionOS, WatchOS) (2024.03.08)

https://isc.sans.edu/diary/MacOS+Patches+and+Safari+TVOS+VisionOS+WatchOS/30726/

[Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting (2024.03.07)

https://isc.sans.edu/diary/Guest+Diary+AWS+Deployment+Risks+Configuration+and+Credential+File+Targeting/30722/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2024-21899 - QNAP operating system versions are vulnerable to an authentication flaw that could be exploited by users to compromise network security.

Product: QNAP QTS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21899

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8888

NVD References: https://www.qnap.com/en/security-advisory/qsa-24-09

CVE-2024-21334 - Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Product: Microsoft Open Management Infrastructure (OMI)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21334

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334

CVE-2024-21400 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Product: Microsoft Azure Kubernetes Service

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21400

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400

CVE-2024-21762 - Fortinet FortiOS Out-of-Bound Write Vulnerability

Product: Fortinet FortiOS

CVSS Score: 0

** KEV since 2024-02-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21762

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8888

CVE-2024-23225 - iOS and iPadOS versions 16.7.6, 17.4, and iPadOS 17.4 are vulnerable to a memory corruption issue that allows attackers with arbitrary kernel read and write capability to bypass memory protections, as reported by Apple.

Product: Apple iPadOS

CVSS Score: 7.8

** KEV since 2024-03-06 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23225

NVD References:

- https://support.apple.com/en-us/HT214081

- https://support.apple.com/en-us/HT214082

- https://support.apple.com/kb/HT214083

- https://support.apple.com/kb/HT214084

- https://support.apple.com/kb/HT214085

- https://support.apple.com/kb/HT214086

- https://support.apple.com/kb/HT214087

- https://support.apple.com/kb/HT214088

CVE-2024-23296 - iOS 17.4 and iPadOS 17.4 may allow an attacker to bypass kernel memory protections.

Product: Apple iPadOS

CVSS Score: 7.8

** KEV since 2024-03-06 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23296

NVD References:

- https://support.apple.com/en-us/HT214081

- https://support.apple.com/kb/HT214084

- https://support.apple.com/kb/HT214086

- https://support.apple.com/kb/HT214087

- https://support.apple.com/kb/HT214088

CVE-2024-26198 - Microsoft Exchange Server Remote Code Execution Vulnerability

Product: Microsoft Exchange Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26198

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198

CVE-2024-21407 - Windows Hyper-V Remote Code Execution Vulnerability

Product: Microsoft Windows Hyper-V

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21407

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21407

CVE-2024-21408 - Windows Hyper-V Denial of Service Vulnerability

Product: Microsoft Windows Hyper-V

CVSS Score: 5.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21408

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408

CVE-2024-21431 - Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

Product: Microsoft Hypervisor

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21431

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21431

CVE-2024-22252, CVE-2024-22253 - VMware ESXi, Workstation, and Fusion use-after-free vulnerabilities

Product: VMware ESXi

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22252

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22253

NVD References: https://www.vmware.com/security/advisories/VMSA-2024-0006.html


CVE-2024-2005 - Blue Planet® products through 22.12 are vulnerable to privilege escalation due to a misconfiguration in the SAML implementation.

Product: Ciena Blue Planet

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2005

NVD References: https://www.ciena.com/product-security

CVE-2023-50716 - eProsima Fast DDS (formerly Fast RTPS) versions prior to 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7 allows a remote attacker to terminate the Fast-DDS process via an invalid DATA_FRAG Submessage causing a bad-free error.

Product: eProsima Fast DDS

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50716

NVD References: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h

CVE-2024-24767 - CasaOS-UserService is vulnerable to password brute force attacks in versions prior to 0.4.7, allowing attackers to gain super user-level access to the server.

Product: CasaOS-UserService

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24767

NVD References:

- https://github.com/IceWhaleTech/CasaOS-UserService/commit/62006f61b55951048dbace4ebd9e483274838699

- https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7

- https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x

CVE-2024-27302 - Go-zero is vulnerable to bypassing CORS policy by using strings.HasSuffix to check the origin, leading to potential data retrieval on behalf of other users.

Product: Go-zero

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27302

NVD References:

- https://github.com/zeromicro/go-zero/commit/d9d79e930dff6218a873f4f02115df61c38b15db

- https://github.com/zeromicro/go-zero/security/advisories/GHSA-fgxv-gw55-r5fq

CVE-2024-27304 - pgx is vulnerable to SQL injection when an attacker can cause a query or bind message to exceed 4 GB in size, but the issue is fixed in v4.18.2 and v5.5.4.

Product: pgx PostgreSQL Driver

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27304

NVD References: https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv

CVE-2024-2173 - Chromium: Out of bounds memory access in V8

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2173

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-2173

NVD References:

- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/325893559

CVE-2024-2174 - Chromium: Inappropriate implementation in V8

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2174

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-2174

NVD References:

- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/325866363

CVE-2024-2176 - Chromium: Use after free in FedCM

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2176

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-2176

NVD References:

- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/325936438

CVE-2024-27307 - JSONata is a JSON query and transformation language with a vulnerability that allows for remote code execution prior to versions 1.8.7 and 2.0.4, which has been fixed in the latest versions.

Product: JSONata

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27307

NVD References: https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8

CVE-2024-28222 - Veritas NetBackup and NetBackup Appliance are prone to file path validation failure, allowing unauthenticated attackers to upload and execute custom files.

Product: Veritas NetBackup

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28222

NVD References: https://www.veritas.com/content/support/en_US/security/VTS23-010

CVE-2023-42662 - JFrog Artifactory versions 7.59 and above are vulnerable to exposure of user access tokens through specially crafted URLs.

Product: JFrog Artifactory

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42662

NVD References: https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories

CVE-2024-2184 - Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier may be vulnerable to a buffer overflow in the identifier field of WSD probe request process, allowing an attacker on the network segment to trigger unresponsiveness or execute arbitrary code.

Product: Canon Small Office Multifunction Printers and Laser Printers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2184

NVD References: https://psirt.canon/advisory-information/cp2024-002/

CVE-2024-2370 - ManageEngine Desktop Central version 9, build 90055 is vulnerable to unrestricted file upload, permitting remote attackers to upload malicious files without authentication.

Product: ManageEngine Desktop Central

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2370

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central

CVE-2023-49785 - NextChat, a cross-platform chat user interface for ChatGPT, is vulnerable to server-side request forgery and cross-site scripting, allowing attackers to gain unauthorized access to internal HTTP endpoints and mask their source IP.

Product: OpenAI NextChat

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49785

NVD References:

- https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web

- https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/

CVE-2024-22127 - SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload files and execute commands, impacting confidentiality, integrity, and availability.

Product: SAP NetWeaver Administrator

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22127

NVD References:

- https://me.sap.com/notes/3433192

- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

CVE-2024-25995 - Product X is vulnerable to unauthenticated remote attackers being able to modify configurations for a remote code execution due to a critical function lacking authentication.

Product: Schneider Electric Modicon M221

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25995

NVD References: https://cert.vde.com/en/advisories/VDE-2024-011

CVE-2022-32257 - SINEMA Remote Connect Server (All versions < V3.2) lacks proper access control on some endpoints, allowing for unauthorized access and potential code execution.

Product: Siemens SINEMA Remote Connect Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-32257

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-576771.html

CVE-2024-22039 - Cerberus PRO EN Engineering Tool, Cerberus PRO EN Fire Panel FC72x, Cerberus PRO EN X200 Cloud Distribution, Cerberus PRO EN X300 Cloud Distribution, Sinteso FS20 EN Engineering Tool, Sinteso FS20 EN Fire Panel FC20, Sinteso FS20 EN X200 Cloud Distribution, Sinteso FS20 EN X300 Cloud Distribution, and Sinteso Mobile are vulnerable to a stack-based buffer overflow due to a lack of validation in the network communication library, potentially allowing remote attackers to execute code with root privileges.

Product: Siemens Cerberus PRO EN Engineering Tool

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22039

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-225840.html

CVE-2023-42789 - Fortinet FortiOS and FortiProxy are vulnerable to an out-of-bounds write, allowing attackers to execute unauthorized code or commands via specially crafted HTTP requests.

Product: Fortinet FortiOS and FortiProxy

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42789

NVD References: https://fortiguard.com/psirt/FG-IR-23-328

CVE-2023-47534 - Fortinet FortiClientEMS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.8 improperly neutralize formula elements in csv files, enabling attackers to execute unauthorized code or commands through crafted packets.

Product: Fortinet FortiClientEMS

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47534

NVD References: https://fortiguard.com/psirt/FG-IR-23-390

CVE-2023-48788 - Fortinet FortiClientEMS versions 7.0.1 through 7.2.2 are vulnerable to SQL injection, allowing attackers to execute unauthorized code or commands through specially crafted packets.

Product: Fortinet FortiClientEMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48788

NVD References: https://fortiguard.com/psirt/FG-IR-23-430

CVE-2024-1301 - Badger Meter Monitool versions 4.6.3 and earlier are vulnerable to SQL injection, allowing a remote attacker to extract data from the database by sending a malicious SQL query via the j_username parameter.

Product: Badger Meter Monitool

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1301

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool

CVE-2024-1527 - CMS Made Simple version 2.2.14 is susceptible to an unrestricted file upload vulnerability, enabling authenticated users to bypass security measures and potentially execute remote commands via webshell.

Product: CMS Made Simple

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1527

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple

CVE-2024-21330 - Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Product: Microsoft Open Management Infrastructure (OMI)

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21330

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330

CVE-2024-21390 - Microsoft Authenticator Elevation of Privilege Vulnerability

Product: Microsoft Authenticator

CVSS Score: 7.1 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21390

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21390

CVE-2024-21392 - .NET and Visual Studio Denial of Service Vulnerability

Product: Microsoft .NET and Visual Studio

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21392

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392

CVE-2024-21411 - Skype for Consumer Remote Code Execution Vulnerability

Product: Skype for Consumer

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21411

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21411

CVE-2024-21418 - Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Product: Microsoft SONiC

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21418

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21418

CVE-2024-21419 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Product: Microsoft Dynamics 365

CVSS Score: 7.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21419

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21419

CVE-2024-21421 - Azure SDK Spoofing Vulnerability

Product: Azure SDK

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21421

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421

CVE-2024-21426 - Microsoft SharePoint Server Remote Code Execution Vulnerability

Product: Microsoft SharePoint Server

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21426

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426

CVE-2024-21427 - Windows Kerberos Security Feature Bypass Vulnerability

Product: Microsoft Windows

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21427

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427

CVE-2024-21432 - Windows Update Stack Elevation of Privilege Vulnerability

Product: Microsoft Windows Update Stack

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21432

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432

CVE-2024-21433 - Windows Print Spooler Elevation of Privilege Vulnerability

Product: Microsoft Windows Print Spooler

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21433

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21433

CVE-2024-21434 - Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability

Product: Microsoft Windows SCSI Class System File

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21434

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21434

CVE-2024-21435 - Windows OLE Remote Code Execution Vulnerability

Product: Microsoft Windows

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21435

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21435

CVE-2024-21436 - Windows Installer Elevation of Privilege Vulnerability

Product: Microsoft Windows Installer

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21436

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21436

CVE-2024-21437 - Windows Graphics Component Elevation of Privilege Vulnerability

Product: Microsoft Windows Graphics Component

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21437

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21437

CVE-2024-21438 - Microsoft AllJoyn API Denial of Service Vulnerability

Product: Microsoft AllJoyn API

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21438

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21438

CVE-2024-21439 - Windows Telephony Server Elevation of Privilege Vulnerability

Product: Microsoft Windows Telephony Server

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21439

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21439

CVE-2024-21440 - Microsoft ODBC Driver Remote Code Execution Vulnerability

Product: Microsoft ODBC Driver

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21440

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21440

CVE-2024-21441 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Product: Microsoft WDAC OLE DB provider for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21441

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21441

CVE-2024-21442 - Windows USB Print Driver Elevation of Privilege Vulnerability

Product: Windows USB Print Driver

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21442

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21442

CVE-2024-21444 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Product: Microsoft WDAC OLE DB provider for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21444

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21444

CVE-2024-21445 - Windows USB Print Driver Elevation of Privilege Vulnerability

Product: Windows USB Print Driver

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21445

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21445

CVE-2024-21446 - NTFS Elevation of Privilege Vulnerability

Product: Microsoft NTFS

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21446

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21446

CVE-2024-21450 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Product: Microsoft WDAC OLE DB provider for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21450

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21450

CVE-2024-21451 - Microsoft ODBC Driver Remote Code Execution Vulnerability

Product: Microsoft ODBC Driver

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21451

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21451

CVE-2024-26159 - Microsoft ODBC Driver Remote Code Execution Vulnerability

Product: Microsoft ODBC Driver

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26159

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26159

CVE-2024-26161 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Product: Microsoft WDAC OLE DB provider for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26161

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26161

CVE-2024-26162 - Microsoft ODBC Driver Remote Code Execution Vulnerability

Product: Microsoft ODBC Driver

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26162

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26162

CVE-2024-26164 - Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability

Product: Microsoft Django Backend

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26164

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26164

CVE-2024-26165 - Visual Studio Code Elevation of Privilege Vulnerability

Product: Microsoft Visual Studio Code

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26165

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26165

CVE-2024-26166 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Product: Microsoft WDAC OLE DB provider for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26166

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26166

CVE-2024-26169 - Windows Error Reporting Service Elevation of Privilege Vulnerability

Product: Microsoft Windows Error Reporting Service

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26169

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169

CVE-2024-26170 - Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

Product: Microsoft Windows Composite Image File System (CimFS)

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26170

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26170

CVE-2024-21443, CVE-2024-26173, CVE-2024-26176, CVE-2024-26178, CVE-2024-26182 - Windows Kernel Elevation of Privilege Vulnerabilities

Product: Microsoft Windows Kernel

CVSS Score: 7.3 - 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21443

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26173

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26176

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26178

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26182

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21443

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26173

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26176

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26178

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26182

CVE-2024-26190 - Microsoft QUIC Denial of Service Vulnerability

Product: Microsoft QUIC

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26190

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

CVE-2024-26199 - Microsoft Office Elevation of Privilege Vulnerability

Product: Microsoft Office

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26199

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199

CVE-2024-26203 - Azure Data Studio Elevation of Privilege Vulnerability

Product: Microsoft Azure Data Studio

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26203

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26203

CVE-2024-26204 - Outlook for Android Information Disclosure Vulnerability

Product: Microsoft Outlook for Android

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26204

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26204

CVE-2024-2413 - Intumit SmartRobot is vulnerable to remote attackers using a fixed encryption key for authentication, allowing them to obtain administrator privileges and execute arbitrary code on the remote server.

Product: Intumit SmartRobot

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2413

NVD References: https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html

CVE-2023-28746 - Intel: Register File Data Sampling (RFDS)

Product: Register File Data Sampling (RFDS)

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28746

ISC Diary: https://isc.sans.edu/diary/30736

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28746