Vulnerability-Lookup

CERTFR-2024-AVI-0289

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.4291
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.5696
Microsoft	Windows	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.830
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.4291
Microsoft	Windows	Windows Server 2012 versions antérieures à 6.2.9200.24821
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.27067
Microsoft	Windows	Windows Server 2022 versions antérieures à 10.0.20348.2402
Microsoft	Windows	Windows 10 Version 1809 pour systèmes ARM64 versions antérieures à 10.0.17763.5696
Microsoft	Windows	Outlook pour Windows versions antérieures à 1.2023.0322.0100
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22631.3447
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.27067
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.22618
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.6897
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.6897
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.21924
Microsoft	Windows	Microsoft ODBC Driver 18 pour SQL Server sur Windows versions antérieures à 18.3.3.1
Microsoft	Windows	Windows 11 version 21H2 pour systèmes x64 versions antérieures à 10.0.22000.2899
Microsoft	Windows	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.6897
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.4291
Microsoft	Windows	Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.24821
Microsoft	Windows	Windows 11 version 21H2 pour systèmes ARM64 versions antérieures à 10.0.22000.2899
Microsoft	Windows	Windows Server 2016 versions antérieures à 10.0.14393.6897
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22618
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.3447
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22631.3447
Microsoft	Windows	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.2402
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.4291
Microsoft	Windows	Windows Server 2012 R2 versions antérieures à 6.3.9600.21924
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.22618
Microsoft	Windows	Windows Server 2019 versions antérieures à 10.0.17763.5696
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.4291
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.3447
Microsoft	Windows	Microsoft ODBC Driver 17 pour SQL Server sur Windows versions antérieures à 17.10.6.1
Microsoft	Windows	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20596
Microsoft	Windows	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20596
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22618
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.4291
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.5696
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.3435
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.3435
Microsoft	Windows	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.5696

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Windows du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-26232 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29043 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28932 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28925 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26210 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29062 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26236 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26237 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26180 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28922 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29061 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28931 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-21447 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26253 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26183 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26255 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28923 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26229 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26221 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2022-0001 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26227 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29988 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26205 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-20689 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28938 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26224 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26158 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26175 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26244 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29050 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28897 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26220 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28937 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26240 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26217 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26242 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26218 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28921 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28907 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28902 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28903 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28920 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28943 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26171 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28941 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28905 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26213 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28934 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-20665 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26216 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26231 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28900 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26228 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28935 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26215 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-23593 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26214 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26248 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26254 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26226 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28930 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-20693 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26208 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29056 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29066 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28896 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-23594 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-20678 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26207 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28919 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28904 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26252 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26241 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29052 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-20669 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26172 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26194 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-20688 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28898 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26200 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26239 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26189 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26219 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29064 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26256 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26202 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26243 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26195 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28924 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28936 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28901 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26233 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26179 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26222 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-20670 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28929 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-28933 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26250 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26230 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26168 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26211 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26209 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26234 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26212 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26223 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26235 du 09 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-26245 du 09 avril 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.4291",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.5696",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.830",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.4291",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.24821",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.27067",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.2402",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.17763.5696",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Outlook pour Windows versions ant\u00e9rieures \u00e0 1.2023.0322.0100",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.3447",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.27067",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22618",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.6897",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.6897",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.21924",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft ODBC Driver 18 pour SQL Server sur Windows versions ant\u00e9rieures \u00e0 18.3.3.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22000.2899",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.6897",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.4291",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.24821",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22000.2899",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.6897",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22618",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.3447",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.3447",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.2402",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.4291",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.21924",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22618",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.5696",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.4291",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.3447",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft ODBC Driver 17 pour SQL Server sur Windows versions ant\u00e9rieures \u00e0 17.10.6.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20596",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20596",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22618",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.4291",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.5696",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.3435",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.3435",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.5696",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-28902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28902"
    },
    {
      "name": "CVE-2024-26232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26232"
    },
    {
      "name": "CVE-2024-26214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26214"
    },
    {
      "name": "CVE-2024-28919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28919"
    },
    {
      "name": "CVE-2024-26239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26239"
    },
    {
      "name": "CVE-2024-26194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26194"
    },
    {
      "name": "CVE-2024-26222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26222"
    },
    {
      "name": "CVE-2024-28933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28933"
    },
    {
      "name": "CVE-2024-28941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28941"
    },
    {
      "name": "CVE-2024-28925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28925"
    },
    {
      "name": "CVE-2024-26211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26211"
    },
    {
      "name": "CVE-2024-29066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29066"
    },
    {
      "name": "CVE-2024-20693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20693"
    },
    {
      "name": "CVE-2024-26242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26242"
    },
    {
      "name": "CVE-2024-20688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20688"
    },
    {
      "name": "CVE-2024-26252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26252"
    },
    {
      "name": "CVE-2024-28896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28896"
    },
    {
      "name": "CVE-2024-26179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26179"
    },
    {
      "name": "CVE-2024-26227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26227"
    },
    {
      "name": "CVE-2024-28905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28905"
    },
    {
      "name": "CVE-2024-20669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20669"
    },
    {
      "name": "CVE-2024-26223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26223"
    },
    {
      "name": "CVE-2024-28932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28932"
    },
    {
      "name": "CVE-2024-26180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26180"
    },
    {
      "name": "CVE-2024-28897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28897"
    },
    {
      "name": "CVE-2024-26234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26234"
    },
    {
      "name": "CVE-2024-21447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21447"
    },
    {
      "name": "CVE-2024-29043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29043"
    },
    {
      "name": "CVE-2024-28935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28935"
    },
    {
      "name": "CVE-2024-28930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28930"
    },
    {
      "name": "CVE-2024-28921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28921"
    },
    {
      "name": "CVE-2024-26253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26253"
    },
    {
      "name": "CVE-2024-28943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28943"
    },
    {
      "name": "CVE-2024-29064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29064"
    },
    {
      "name": "CVE-2024-28901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28901"
    },
    {
      "name": "CVE-2024-26243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26243"
    },
    {
      "name": "CVE-2024-29062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29062"
    },
    {
      "name": "CVE-2024-26195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26195"
    },
    {
      "name": "CVE-2024-26231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26231"
    },
    {
      "name": "CVE-2024-26213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26213"
    },
    {
      "name": "CVE-2024-26219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26219"
    },
    {
      "name": "CVE-2024-26168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26168"
    },
    {
      "name": "CVE-2024-28934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28934"
    },
    {
      "name": "CVE-2024-26175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26175"
    },
    {
      "name": "CVE-2024-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26207"
    },
    {
      "name": "CVE-2024-26210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26210"
    },
    {
      "name": "CVE-2024-28936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28936"
    },
    {
      "name": "CVE-2024-26171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26171"
    },
    {
      "name": "CVE-2024-26255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26255"
    },
    {
      "name": "CVE-2024-26189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26189"
    },
    {
      "name": "CVE-2024-28924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28924"
    },
    {
      "name": "CVE-2024-28907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28907"
    },
    {
      "name": "CVE-2024-23594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23594"
    },
    {
      "name": "CVE-2024-26215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26215"
    },
    {
      "name": "CVE-2024-23593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23593"
    },
    {
      "name": "CVE-2024-26202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26202"
    },
    {
      "name": "CVE-2024-28938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28938"
    },
    {
      "name": "CVE-2024-28904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28904"
    },
    {
      "name": "CVE-2024-26230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26230"
    },
    {
      "name": "CVE-2024-26235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26235"
    },
    {
      "name": "CVE-2024-28929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28929"
    },
    {
      "name": "CVE-2024-20670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20670"
    },
    {
      "name": "CVE-2024-28898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28898"
    },
    {
      "name": "CVE-2024-28920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28920"
    },
    {
      "name": "CVE-2024-26221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26221"
    },
    {
      "name": "CVE-2024-26226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26226"
    },
    {
      "name": "CVE-2024-28931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28931"
    },
    {
      "name": "CVE-2022-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0001"
    },
    {
      "name": "CVE-2024-29056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29056"
    },
    {
      "name": "CVE-2024-28900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28900"
    },
    {
      "name": "CVE-2024-29052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29052"
    },
    {
      "name": "CVE-2024-29988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29988"
    },
    {
      "name": "CVE-2024-26233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26233"
    },
    {
      "name": "CVE-2024-26229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26229"
    },
    {
      "name": "CVE-2024-26248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26248"
    },
    {
      "name": "CVE-2024-26158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26158"
    },
    {
      "name": "CVE-2024-26250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26250"
    },
    {
      "name": "CVE-2024-26241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26241"
    },
    {
      "name": "CVE-2024-28923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28923"
    },
    {
      "name": "CVE-2024-26228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26228"
    },
    {
      "name": "CVE-2024-26236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26236"
    },
    {
      "name": "CVE-2024-26245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26245"
    },
    {
      "name": "CVE-2024-28937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28937"
    },
    {
      "name": "CVE-2024-26200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26200"
    },
    {
      "name": "CVE-2024-26217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26217"
    },
    {
      "name": "CVE-2024-26256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
    },
    {
      "name": "CVE-2024-26209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26209"
    },
    {
      "name": "CVE-2024-29061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29061"
    },
    {
      "name": "CVE-2024-28922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28922"
    },
    {
      "name": "CVE-2024-26224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26224"
    },
    {
      "name": "CVE-2024-26218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26218"
    },
    {
      "name": "CVE-2024-26216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26216"
    },
    {
      "name": "CVE-2024-20665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20665"
    },
    {
      "name": "CVE-2024-20678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20678"
    },
    {
      "name": "CVE-2024-26172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26172"
    },
    {
      "name": "CVE-2024-26237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26237"
    },
    {
      "name": "CVE-2024-26208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26208"
    },
    {
      "name": "CVE-2024-26183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26183"
    },
    {
      "name": "CVE-2024-29050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29050"
    },
    {
      "name": "CVE-2024-26240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26240"
    },
    {
      "name": "CVE-2024-20689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20689"
    },
    {
      "name": "CVE-2024-26244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26244"
    },
    {
      "name": "CVE-2024-26212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26212"
    },
    {
      "name": "CVE-2024-28903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28903"
    },
    {
      "name": "CVE-2024-26205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26205"
    },
    {
      "name": "CVE-2024-26254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26254"
    },
    {
      "name": "CVE-2024-26220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26220"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26232 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29043 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28932 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28925 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28925"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26210 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26210"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29062 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29062"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26236 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26236"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26237 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26237"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26180 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26180"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28922 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28922"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29061 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28931 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21447 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26253 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26253"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26183 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26183"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26255 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26255"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28923 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28923"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26229 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26221 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26221"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-0001 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0001"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26227 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26227"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29988 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26205 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26205"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20689 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28938 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26224 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26224"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26158 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26175 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26244 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26244"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29050 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29050"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28897 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28897"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26220 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26220"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28937 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26240 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26240"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26217 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26217"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26242 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26242"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26218 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28921 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28921"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28907 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28907"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28902 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28902"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28903 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28903"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28920 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28920"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28943 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26171 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26171"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28941 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28905 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28905"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26213 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26213"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28934 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20665 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20665"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26216 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26231 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26231"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28900 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28900"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26228 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28935 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26215 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-23593 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-23593"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26214 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26248 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26248"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26254 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26254"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26226 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26226"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28930 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20693 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26208 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26208"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29056 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29056"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29066 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29066"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28896 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-23594 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-23594"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20678 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26207 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26207"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28919 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28919"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28904 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28904"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26252 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26252"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26241 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26241"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29052 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20669 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20669"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26172 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26172"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26194 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26194"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20688 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28898 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28898"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26200 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26200"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26239 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26239"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26189 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26219 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26219"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29064 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29064"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26256 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26202 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26202"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26243 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26243"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26195 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28924 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28924"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28936 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28901 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28901"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26233 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26233"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26179 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26222 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26222"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20670 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28929 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28933 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26250 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26250"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26230 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26230"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26168 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26168"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26211 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26211"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26209 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26209"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26234 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26212 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26212"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26223 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26223"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26235 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26235"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26245 du 09 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26245"
    }
  ],
  "reference": "CERTFR-2024-AVI-0289",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows du 09 avril 2024",
      "url": null
    }
  ]
}

CVE-2022-0001 (GCVE-0-2022-0001)

Vulnerability from cvelistv5 – Published: 2022-03-11 00:00 – Updated: 2025-05-05 16:44

Summary

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

information disclosure

Assigner

intel

References

5 references

URL	Tags
https://www.intel.com/content/www/us/en/security-…
http://www.openwall.com/lists/oss-security/2022/03/18/2	mailing-list
https://www.oracle.com/security-alerts/cpujul2022.html
https://security.netapp.com/advisory/ntap-2022081…
https://www.kb.cert.org/vuls/id/155143	third-party-advisory

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-01T16:11:32.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2022-0001-detect-specter-vulnerability?prevUrl=wizard"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2022-0001-mitigate-specter-vulnerability?prevUrl=wizard"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
          },
          {
            "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220818-0004/"
          },
          {
            "name": "VU#155143",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/155143"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-0001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:21:07.709784Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:44:34.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": " information disclosure ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-09T15:05:59.454Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
        },
        {
          "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220818-0004/"
        },
        {
          "name": "VU#155143",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/155143"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-0001",
    "datePublished": "2022-03-11T00:00:00.000Z",
    "dateReserved": "2021-10-15T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:44:34.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20665 (GCVE-0-2024-20665)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39

Title

BitLocker Security Feature Bypass Vulnerability

Summary

BitLocker Security Feature Bypass Vulnerability

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-693 - Protection Mechanism Failure

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

20 products

Vendor	Product	Version
Microsoft	Windows 10 Version 1809	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows 10 Version 1809	Affected: 10.0.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2019	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.2402 (custom)
Microsoft	Windows 11 version 21H2	Affected: 10.0.0 , < 10.0.22000.2899 (custom)
Microsoft	Windows 10 Version 21H2	Affected: 10.0.19043.0 , < 10.0.19044.4291 (custom)
Microsoft	Windows 11 version 22H2	Affected: 10.0.22621.0 , < 10.0.22621.3447 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19045.4291 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.830 (custom)
Microsoft	Windows 10 Version 1507	Affected: 10.0.10240.0 , < 10.0.10240.20596 (custom)
Microsoft	Windows 10 Version 1607	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2016	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2016 (Server Core installation)	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2012	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 R2	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)

Date Public

2024-04-09 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20665",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T14:13:52.487313Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T14:13:57.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "BitLocker Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2402",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2899",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.4291",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3447",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.4291",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.830",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20596",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.2402",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2899",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.4291",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.3447",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.4291",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.830",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20596",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "BitLocker Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:39:06.507Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "BitLocker Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20665"
        }
      ],
      "title": "BitLocker Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20665",
    "datePublished": "2024-04-09T17:00:37.626Z",
    "dateReserved": "2023-11-28T22:58:12.115Z",
    "dateUpdated": "2025-05-03T00:39:06.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20669 (GCVE-0-2024-20669)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39

Title

Secure Boot Security Feature Bypass Vulnerability

Summary

Secure Boot Security Feature Bypass Vulnerability

Severity

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-693 - Protection Mechanism Failure

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

20 products

Vendor	Product	Version
Microsoft	Windows 10 Version 1809	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows 10 Version 1809	Affected: 10.0.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2019	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.2402 (custom)
Microsoft	Windows 11 version 21H2	Affected: 10.0.0 , < 10.0.22000.2899 (custom)
Microsoft	Windows 10 Version 21H2	Affected: 10.0.19043.0 , < 10.0.19044.4291 (custom)
Microsoft	Windows 11 version 22H2	Affected: 10.0.22621.0 , < 10.0.22621.3447 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19045.4291 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.830 (custom)
Microsoft	Windows 10 Version 1507	Affected: 10.0.10240.0 , < 10.0.10240.20596 (custom)
Microsoft	Windows 10 Version 1607	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2016	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2016 (Server Core installation)	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2012	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 R2	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)

Date Public

2024-04-09 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20669",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T13:23:30.415601Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:23.450Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Secure Boot Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20669"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2402",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2899",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.4291",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3447",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.4291",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.830",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20596",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.2402",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2899",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.4291",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.3447",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.4291",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.830",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20596",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Secure Boot Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:39:05.459Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Secure Boot Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20669"
        }
      ],
      "title": "Secure Boot Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20669",
    "datePublished": "2024-04-09T17:00:06.106Z",
    "dateReserved": "2023-11-28T22:58:12.116Z",
    "dateUpdated": "2025-05-03T00:39:05.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20670 (GCVE-0-2024-20670)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40

Title

Outlook for Windows Spoofing Vulnerability

Summary

Outlook for Windows Spoofing Vulnerability

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

CWE

CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Microsoft	Outlook for Windows	Affected: 1.0.0 , < 1.2023.0322.0100 (custom)

Date Public

2024-04-09 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20670",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-18T15:42:58.374576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T15:33:14.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Outlook for Windows Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Outlook for Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.2023.0322.0100",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook_for_windows:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2023.0322.0100",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Outlook for Windows Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:40:26.557Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Outlook for Windows Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670"
        }
      ],
      "title": "Outlook for Windows Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20670",
    "datePublished": "2024-04-09T17:01:24.844Z",
    "dateReserved": "2023-11-28T22:58:12.116Z",
    "dateUpdated": "2025-05-03T00:40:26.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20678 (GCVE-0-2024-20678)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39

Title

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Summary

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

25 products

Vendor	Product	Version
Microsoft	Windows 10 Version 1809	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows 10 Version 1809	Affected: 10.0.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2019	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.2402 (custom)
Microsoft	Windows 11 version 21H2	Affected: 10.0.0 , < 10.0.22000.2899 (custom)
Microsoft	Windows 10 Version 21H2	Affected: 10.0.19043.0 , < 10.0.19044.4291 (custom)
Microsoft	Windows 11 version 22H2	Affected: 10.0.22621.0 , < 10.0.22621.3447 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19045.4291 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.830 (custom)
Microsoft	Windows 10 Version 1507	Affected: 10.0.10240.0 , < 10.0.10240.20596 (custom)
Microsoft	Windows 10 Version 1607	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2016	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2016 (Server Core installation)	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2008 Service Pack 2	Affected: 6.0.6003.0 , < 6.0.6003.22618 (custom)
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)	Affected: 6.0.6003.0 , < 6.0.6003.22618 (custom)
Microsoft	Windows Server 2008 Service Pack 2	Affected: 6.0.6003.0 , < 6.0.6003.22618 (custom)
Microsoft	Windows Server 2008 R2 Service Pack 1	Affected: 6.1.7601.0 , < 6.1.7601.27067 (custom)
Microsoft	Windows Server 2008 R2 Service Pack 1 (Server Core installation)	Affected: 6.1.7601.0 , < 6.1.7601.27067 (custom)
Microsoft	Windows Server 2012	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 R2	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)

Date Public

2024-04-09 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Remote Procedure Call Runtime Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20678",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:56:03.293672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T17:35:17.900Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2402",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2899",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.4291",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3447",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.4291",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.830",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20596",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22618",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22618",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22618",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.27067",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.27067",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.2402",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2899",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.4291",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.3447",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.4291",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.830",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20596",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.22618",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.22618",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "6.0.6003.22618",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.27067",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.27067",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Remote Procedure Call Runtime Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:39:07.415Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Remote Procedure Call Runtime Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678"
        }
      ],
      "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20678",
    "datePublished": "2024-04-09T17:00:36.958Z",
    "dateReserved": "2023-11-28T22:58:12.117Z",
    "dateUpdated": "2025-05-03T00:39:07.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20688 (GCVE-0-2024-20688)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39

Title

Secure Boot Security Feature Bypass Vulnerability

Summary

Secure Boot Security Feature Bypass Vulnerability

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Microsoft	Windows Server 2012	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 R2	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)

Date Public

2024-04-09 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20688",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-11T17:33:27.787531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T18:10:38.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Secure Boot Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Secure Boot Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:39:03.313Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Secure Boot Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688"
        }
      ],
      "title": "Secure Boot Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20688",
    "datePublished": "2024-04-09T17:00:06.842Z",
    "dateReserved": "2023-11-28T22:58:12.118Z",
    "dateUpdated": "2025-05-03T00:39:03.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20689 (GCVE-0-2024-20689)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39

Title

Secure Boot Security Feature Bypass Vulnerability

Summary

Secure Boot Security Feature Bypass Vulnerability

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Microsoft	Windows Server 2012	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.9200.0 , < 6.2.9200.24821 (custom)
Microsoft	Windows Server 2012 R2	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.9600.0 , < 6.3.9600.21924 (custom)

Date Public

2024-04-09 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20689",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:17:22.819857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T17:36:45.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.839Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Secure Boot Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24821",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21924",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24821",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21924",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Secure Boot Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:39:37.606Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Secure Boot Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689"
        }
      ],
      "title": "Secure Boot Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20689",
    "datePublished": "2024-04-09T17:00:07.600Z",
    "dateReserved": "2023-11-28T22:58:12.118Z",
    "dateUpdated": "2025-05-03T00:39:37.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20693 (GCVE-0-2024-20693)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39

Title

Windows Kernel Elevation of Privilege Vulnerability

Summary

Windows Kernel Elevation of Privilege Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-426 - Untrusted Search Path

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

16 products

Vendor	Product	Version
Microsoft	Windows 10 Version 1809	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows 10 Version 1809	Affected: 10.0.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2019	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.17763.0 , < 10.0.17763.5696 (custom)
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.2402 (custom)
Microsoft	Windows 11 version 21H2	Affected: 10.0.0 , < 10.0.22000.2899 (custom)
Microsoft	Windows 10 Version 21H2	Affected: 10.0.19043.0 , < 10.0.19044.4291 (custom)
Microsoft	Windows 11 version 22H2	Affected: 10.0.22621.0 , < 10.0.22621.3447 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19045.4291 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.830 (custom)
Microsoft	Windows 10 Version 1507	Affected: 10.0.10240.0 , < 10.0.10240.20596 (custom)
Microsoft	Windows 10 Version 1607	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2016	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)
Microsoft	Windows Server 2016 (Server Core installation)	Affected: 10.0.14393.0 , < 10.0.14393.6897 (custom)

Date Public

2024-04-09 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20693",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-30T15:52:00.879879Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:17.964Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Kernel Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5696",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2402",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2899",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.4291",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3447",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.4291",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.830",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20596",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6897",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5696",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.2402",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2899",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.4291",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.3447",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.4291",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.830",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20596",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6897",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Kernel Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426: Untrusted Search Path",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:39:04.220Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Kernel Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693"
        }
      ],
      "title": "Windows Kernel Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20693",
    "datePublished": "2024-04-09T17:00:38.227Z",
    "dateReserved": "2023-11-28T22:58:12.120Z",
    "dateUpdated": "2025-05-03T00:39:04.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21447 (GCVE-0-2024-21447)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39

Title

Windows Authentication Elevation of Privilege Vulnerability

Summary

Windows Authentication Elevation of Privilege Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

8 products

Vendor	Product	Version
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.2402 (custom)
Microsoft	Windows 11 version 21H2	Affected: 10.0.0 , < 10.0.22000.2899 (custom)
Microsoft	Windows 10 Version 21H2	Affected: 10.0.19043.0 , < 10.0.19044.4291 (custom)
Microsoft	Windows 11 version 22H2	Affected: 10.0.22621.0 , < 10.0.22621.3447 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19045.4291 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.3447 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.830 (custom)

Date Public

2024-04-09 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21447",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T18:50:33.903551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T17:25:04.855Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Authentication Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2402",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2899",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.4291",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3447",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.4291",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3447",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.830",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.2402",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2899",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.4291",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.3447",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.4291",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.3447",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.830",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Authentication Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:39:08.896Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Authentication Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447"
        }
      ],
      "title": "Windows Authentication Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21447",
    "datePublished": "2024-04-09T17:00:40.552Z",
    "dateReserved": "2023-12-08T22:45:21.305Z",
    "dateUpdated": "2025-05-03T00:39:08.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23593 (GCVE-0-2024-23593)

Vulnerability from cvelistv5 – Published: 2024-04-15 18:01 – Updated: 2024-08-01 23:06

Summary

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.

Severity

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

lenovo

References

1 reference

URL	Tags
https://support.lenovo.com/us/en/product_security…

Impacted products

1 product

Vendor	Product	Version
Lenovo	Windows 7 and 8 PC Preloads	Affected: various

Credits

Lenovo thanks Zammis Clark for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-30T19:56:00.765249Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:45:57.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-132277"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Windows 7 and 8 PC Preloads",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lenovo thanks Zammis Clark for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA vulnerability was reported\n\nin a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014\n\n that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. \n\n"
            }
          ],
          "value": "\nA vulnerability was reported\n\nin a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014\n\n that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-15T18:01:13.650Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-132277"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eConcerned customers can follow Microsoft\u0027s guidance to apply the April 9, 2024 Windows security updates. Please refer to KB5025885 to enable the latest protections:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d\"\u003ehttps://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocatio...\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "\nConcerned customers can follow Microsoft\u0027s guidance to apply the April 9, 2024 Windows security updates. Please refer to KB5025885 to enable the latest protections:\u00a0 https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocatio... https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d \n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2024-23593",
    "datePublished": "2024-04-15T18:01:13.650Z",
    "dateReserved": "2024-01-18T15:28:42.477Z",
    "dateUpdated": "2024-08-01T23:06:25.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-0289

Solution

CVE-2022-0001 (GCVE-0-2022-0001)

CVE-2024-20665 (GCVE-0-2024-20665)

CVE-2024-20669 (GCVE-0-2024-20669)

CVE-2024-20670 (GCVE-0-2024-20670)

CVE-2024-20678 (GCVE-0-2024-20678)

CVE-2024-20688 (GCVE-0-2024-20688)

CVE-2024-20689 (GCVE-0-2024-20689)

CVE-2024-20693 (GCVE-0-2024-20693)

CVE-2024-21447 (GCVE-0-2024-21447)

CVE-2024-23593 (GCVE-0-2024-23593)

Tags

Sightings

Nomenclature