CERTFR-2024-AVI-0761

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Microsoft N/A Microsoft SharePoint Server 2019 versions antérieures à 16.0.10414.20002
Microsoft N/A Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5465.1001
Microsoft N/A Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2120.1
Microsoft N/A Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17928.20086
Microsoft N/A Microsoft SQL Server 2022 pour systèmes x64 (CU 14) versions antérieures à 16.0.4140.3
Microsoft N/A Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6445.1
Microsoft N/A Microsoft Visio 2016 (édition 64 bits) versions antérieures à 16.0.5465.1001
Microsoft N/A Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2060.1
Microsoft N/A Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7040.1
Microsoft N/A Microsoft SQL Server 2019 pour systèmes x64 (CU 28) versions antérieures à 15.0.4390.2
Microsoft N/A Microsoft AutoUpdate pour Mac versions antérieures à 4.72
Microsoft N/A Power Automate pour Desktop versions antérieures à 2.47.119.24249
Microsoft N/A Microsoft Dynamics 365 Business Central 2023 Release Wave 2 versions antérieures à App Build 24.4. 22925, Platform Build 24.0. 22865
Microsoft N/A Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1.32
Microsoft N/A Microsoft Dynamics 365 Business Central 2024 Release Wave 1 versions antérieures à App Build 23.10.22604, Platform Build 23.0.22561
Microsoft N/A Microsoft Visio 2016 (édition 32 bits) versions antérieures à 16.0.5465.1001
Microsoft N/A Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3475.1
Microsoft N/A Microsoft Dynamics 365 Business Central 2023 Release Wave 1 versions antérieures à App Build 22.16.64731, Platform Build 22.0.64727
Microsoft N/A Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1125.1
References
Bulletin de sécurité Microsoft CVE-2024-37335 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38225 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-43474 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-43476 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37337 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38228 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-43463 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37342 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38018 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37980 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-26186 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37965 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37340 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37339 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-43466 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37966 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37338 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-43479 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38227 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-43464 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-26191 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-37341 2024-09-10 vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-43492 2024-09-10 vendor-advisory

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10414.20002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5465.1001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2120.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17928.20086",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 14) versions ant\u00e9rieures \u00e0 16.0.4140.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6445.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5465.1001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2060.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7040.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 28) versions ant\u00e9rieures \u00e0 15.0.4390.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft AutoUpdate pour Mac versions ant\u00e9rieures \u00e0 4.72",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Power Automate pour Desktop versions ant\u00e9rieures \u00e0 2.47.119.24249",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2 versions ant\u00e9rieures \u00e0 App Build 24.4. 22925, Platform Build 24.0. 22865",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 9.1.32",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 Business Central 2024 Release Wave 1 versions ant\u00e9rieures \u00e0 App Build 23.10.22604, Platform Build 23.0.22561",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5465.1001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3475.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1 versions ant\u00e9rieures \u00e0 App Build 22.16.64731, Platform Build 22.0.64727",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1125.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43479"
    },
    {
      "name": "CVE-2024-37965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37965"
    },
    {
      "name": "CVE-2024-37335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37335"
    },
    {
      "name": "CVE-2024-37966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37966"
    },
    {
      "name": "CVE-2024-26191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26191"
    },
    {
      "name": "CVE-2024-38225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38225"
    },
    {
      "name": "CVE-2024-43463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43463"
    },
    {
      "name": "CVE-2024-38228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38228"
    },
    {
      "name": "CVE-2024-43464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43464"
    },
    {
      "name": "CVE-2024-37980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37980"
    },
    {
      "name": "CVE-2024-43474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43474"
    },
    {
      "name": "CVE-2024-37339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37339"
    },
    {
      "name": "CVE-2024-43492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43492"
    },
    {
      "name": "CVE-2024-43476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43476"
    },
    {
      "name": "CVE-2024-38018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38018"
    },
    {
      "name": "CVE-2024-37337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37337"
    },
    {
      "name": "CVE-2024-38227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38227"
    },
    {
      "name": "CVE-2024-37338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37338"
    },
    {
      "name": "CVE-2024-37340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37340"
    },
    {
      "name": "CVE-2024-26186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26186"
    },
    {
      "name": "CVE-2024-37341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37341"
    },
    {
      "name": "CVE-2024-37342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37342"
    },
    {
      "name": "CVE-2024-43466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43466"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0761",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37335",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37335"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38225",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38225"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43474",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43474"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43476",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43476"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37337",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38228",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38228"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43463",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43463"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37342",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37342"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38018",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37980",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37980"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26186",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26186"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37965",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37965"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37340",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37339",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37339"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43466",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43466"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37966",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37966"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37338",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37338"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43479",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43479"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38227",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38227"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43464",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43464"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26191",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26191"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37341",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43492",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43492"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.