JOHLEM.NET



Title Link Description
CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability Link Updated one or more CVSS scores for the affected products. This is an informational change only.
Chromium: CVE-2024-5841 Use after free in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5837 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5833 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5834 Inappropriate implementation in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5843 Inappropriate implementation in Downloads Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5831 Use after free in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5840 Policy Bypass in CORS Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5842 Use after free in Browser UI Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5838 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5832 Use after free in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5830 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Link Corrected Fixed Build Number and Download links in the Security Updates table. This is an informational change only.
CVE-2024-30058 Microsoft Edge (Chromium-based) Spoofing Vulnerability Link Information published.
CVE-2024-30057 Microsoft Edge for iOS Spoofing Vulnerability Link Information published.
Chromium: CVE-2024-5846 Use after free in PDFium Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5847 Use after free in PDFium Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5845 Use after free in Audio Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-38083 Microsoft Edge (Chromium-based) Spoofing Vulnerability Link Information published.
CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Link Added an FAQ. This is an information change only.
CVE-2024-30069 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link Information published.
CVE-2024-30070 DHCP Server Service Denial of Service Vulnerability Link Information published.
CVE-2024-30072 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability Link Information published.
CVE-2024-30074 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability Link Information published.
CVE-2024-30075 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability Link Information published.
CVE-2024-30076 Windows Container Manager Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30077 Windows OLE Remote Code Execution Vulnerability Link Information published.
CVE-2024-30078 Windows Wi-Fi Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30080 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30082 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-35250 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Link Updated acknowledgment. This is an informational change only.
CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Link In the Security Updates table, removed Microsoft Authentication Library (MSAL) for Python as it is not affected by CVE-2024-35255.
CVE-2023-50868 MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU Link Information published.
CVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM Link Information published.
CVE-2024-29060 Visual Studio Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30062 Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability Link Information published.
CVE-2024-30063 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30064 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30065 Windows Themes Denial of Service Vulnerability Link Information published.
CVE-2024-30066 Winlogon Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30067 Winlogon Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30068 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Link Information published.
CVE-2024-30084 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Link Updated acknowledgment. This is an informational change only.
CVE-2024-30085 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Link Updated acknowledgment. This is an informational change only.
CVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Link Updated acknowledgment. This is an informational change only.
CVE-2024-30087 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30088 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30089 Microsoft Streaming Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30090 Microsoft Streaming Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30091 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30093 Windows Storage Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30094 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30095 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30096 Windows Cryptographic Services Information Disclosure Vulnerability Link Information published.
CVE-2024-30097 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30099 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30100 Microsoft SharePoint Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-30101 Microsoft Office Remote Code Execution Vulnerability Link Information published.
CVE-2024-30102 Microsoft Office Remote Code Execution Vulnerability Link Information published.
CVE-2024-30103 Microsoft Outlook Remote Code Execution Vulnerability Link Information published.
CVE-2024-30104 Microsoft Office Remote Code Execution Vulnerability Link Information published.
CVE-2024-35248 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability Link Information published.
CVE-2024-35249 Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability Link Information published.
CVE-2024-35252 Azure Storage Movement Client Library Denial of Service Vulnerability Link Information published.
CVE-2024-35253 Microsoft Azure File Sync Elevation of Privilege Vulnerability Link Information published.
CVE-2024-35254 Azure Monitor Agent Elevation of Privilege Vulnerability Link Information published.
CVE-2024-35263 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Link Information published.
CVE-2024-35265 Windows Perception Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30052 Visual Studio Remote Code Execution Vulnerability Link Information published.
CVE-2024-35250 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30084 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30085 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Link Information published.
CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Link Information published.
Chromium: CVE-2024-5498 Use after free in Presentation API Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5499 Out of bounds write in Streams API Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5495 Use after free in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5496 Use after free in Media Session Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5494 Use after free in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5159 Heap buffer overflow in ANGLE Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5157 Use after free in Scheduling Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5158 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-5274 Type Confusion in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware that an exploit for CVE-2024-5274 exists in the wild.
Chromium: CVE-2024-5160 Heap buffer overflow in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-30060 Azure Monitor Agent Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability Link Updated acknowledgment. This is an informational change only.
CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Removed one of the FAQs. This is an information change only.
CVE-2024-30017 Windows Hyper-V Remote Code Execution Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability Link Added an FAQ and updated the CVSS score. This is an informational change only.
CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability Link Updated FAQ information. This is an informational change only.
CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability Link Updated CWE value. This is an informational change only.
CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability Link Updated the build numbers. This is an informational update only.
CVE-2024-30046 Visual Studio Denial of Service Vulnerability Link The following corrections have been made: 1) Revised the Security Updates table to include .NET 7.0 and .NET 8.0 because these versions of .NET are affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. 2) Updated title to include .NET. This is an informational change only.
CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability Link Updated acknowledgment. This is an informational change only.
CVE-2024-32002 CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution Link Information published.
CVE-2024-29996 Windows Common Log File System Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-29997 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-29998 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-29999 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30000 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30001 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30002 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30003 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30004 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30005 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-30007 Microsoft Brokering File System Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30008 Windows DWM Core Library Information Disclosure Vulnerability Link Information published.
CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30010 Windows Hyper-V Remote Code Execution Vulnerability Link Information published.
CVE-2024-30011 Windows Hyper-V Denial of Service Vulnerability Link Information published.
CVE-2024-30012 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30014 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30015 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30016 Windows Cryptographic Services Information Disclosure Vulnerability Link Information published.
CVE-2024-30017 Windows Hyper-V Remote Code Execution Vulnerability Link Information published.
CVE-2024-30018 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30019 DHCP Server Service Denial of Service Vulnerability Link Information published.
CVE-2024-30020 Windows Cryptographic Services Remote Code Execution Vulnerability Link Information published.
CVE-2024-30021 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-30022 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30023 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability Link Information published.
CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability Link Information published.
CVE-2024-30059 Microsoft Intune for Android Mobile Application Management Tampering Vulnerability Link Information published.
CVE-2024-26238 Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability Link Information published.
CVE-2024-29994 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30024 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30025 Windows Common Log File System Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30027 NTFS Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30028 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30029 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-30030 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30031 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30032 Windows DWM Core Library Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30033 Windows Search Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30034 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Link Information published.
CVE-2024-30035 Windows DWM Core Library Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30036 Windows Deployment Services Information Disclosure Vulnerability Link Information published.
CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30038 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30039 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link Information published.
CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability Link Information published.
CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability Link Information published.
CVE-2024-30042 Microsoft Excel Remote Code Execution Vulnerability Link Information published.
CVE-2024-30043 Microsoft SharePoint Server Information Disclosure Vulnerability Link Information published.
CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability Link Information published.
CVE-2024-30046 Visual Studio Denial of Service Vulnerability Link Information published.
CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability Link Information published.
CVE-2024-30048 Dynamics 365 Customer Insights Spoofing Vulnerability Link Information published.
CVE-2024-30049 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Link Information published.
CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability Link Information published.
CVE-2024-32004 GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories Link Information published.
CVE-2024-30054 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability Link Information published.
Chromium: CVE-2024-4761 Out of bounds write in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware that an exploit for CVE-2024-4761 exists in the wild.
CVE-2024-28902 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024.
CVE-2024-23593 Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges Link Updated CVE title and CVSS scores per request from CNA (Lenovo). This is an informational change only.
CVE-2024-26207 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024.
CVE-2024-26211 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Link CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024.
CVE-2024-26217 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024.
CVE-2024-28900 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link CVE re-released to address a regression introduced in the April 2024 security updates. Customers affected by the regression should install the security updates released on May 14, 2024.
Chromium: CVE-2024-4671 Use after free in Visuals Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware that an exploit for CVE-2024-4671 exists in the wild.
Chromium: CVE-2024-4558 Use after free in ANGLE Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability Link Information published.
CVE-2024-29059 .NET Framework Information Disclosure Vulnerability Link The following corrections have been made in the Security Updates table: 1) Removed .NET Framework 3.5 and 4.7.2 on Windows 10 version 1809 for ARM-based systems, .NET Framework 3.5 and 4.7/4.7.1/4.7.2 on Windows 10 version 1607 as these versions are not affected by this vulnerability. 2) Added .NET Framework 3.5 & 4.8 on Windows 10 version 1809 and Windows Server 2019, .NET Framework 3.5 and 4.7.2 on Windows 10 version 1607. Customers whose systems are configured to receive automatic updates do not need to take any further action. 3) Corrected Download and Article links.
CVE-2023-24948 Windows Bluetooth Driver Elevation of Privilege Vulnerability Link Added an acknowledgement. This is an informational change only.
Chromium: CVE-2024-4331 Use after free in Picture In Picture Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-4368 Use after free in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-4058 Type Confusion in ANGLE Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-4060 Use after free in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-4059 Out of bounds read in V8 API Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-26198 Microsoft Exchange Server Remote Code Execution Vulnerability Link Microsoft is announcing the release of a new version of the Microsoft Exchange Server updates to address all known issues that were identified in the March 2024 Security Updates. Microsoft strongly recommends installing these new updates to address the vulnerability identified by CVE-2024-26198.
CVE-2024-29991 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Link Information published.
CVE-2024-21409 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Link Added an FAQ to indicate that for .NET 7.0 and .NET 8.0, Windows is the only operating system affected by this vulnerability. For more information see [Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability](https://github.com/dotnet/announcements/issues/303). This is an informational change only.
CVE-2024-28906 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28908 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28909 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28910 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28911 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28912 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28913 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28914 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28915 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28929 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28931 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28932 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28936 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28939 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28942 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28945 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29043 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29045 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29047 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
Chromium: CVE-2024-3832 Object corruption in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3914 Use after free in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3833 Object corruption in WebAssembly Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3834 Use after free in Downloads Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3837 Use after free in QUIC Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3838 Inappropriate implementation in Autofill Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3839 Out of bounds read in Fonts Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3840 Insufficient policy enforcement in Site Isolation Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3844 Inappropriate implementation in Extensions Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3841 Insufficient data validation in Browser Switcher Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3845 Inappropriate implementation in Network Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3843 Insufficient data validation in Downloads Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3847 Insufficient policy enforcement in WebUI Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3846 Inappropriate implementation in Prompts Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-28926 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28927 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28930 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28933 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28934 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28935 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28937 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28938 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28940 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28941 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28943 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-28944 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29044 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29046 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29048 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29982 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29983 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29984 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29985 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Link Corrected Cumulative Update version numbers and reference KB numbers in the FAQ: "There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?" These are informational changes only.
CVE-2024-29987 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Link Information published.
CVE-2024-29986 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability Link Information published.
CVE-2024-26257 Microsoft Excel Remote Code Execution Vulnerability Link Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
Chromium: CVE-2024-3157 Out of bounds write in Compositing Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3515 Use after free in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3516 Heap buffer overflow in ANGLE Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2022-0001 Intel: CVE-2022-0001 Branch History Injection Link Updated CWE value. This is an informational change only.
CVE-2024-21322 Microsoft Defender for IoT Remote Code Execution Vulnerability Link Added FAQ information. This is an informational change only.
CVE-2024-21323 Microsoft Defender for IoT Remote Code Execution Vulnerability Link Added an FAQ. This is an informational change only.
CVE-2024-21324 Microsoft Defender for IoT Elevation of Privilege Vulnerability Link Added an FAQ. This is an informational change only.
CVE-2024-26234 Proxy Driver Spoofing Vulnerability Link Added acknowledgements. This is an informational change only.
CVE-2024-29053 Microsoft Defender for IoT Remote Code Execution Vulnerability Link Added an FAQ. This is an informational change only.
CVE-2024-29055 Microsoft Defender for IoT Elevation of Privilege Vulnerability Link Added an FAQ. This is an informational change only.
CVE-2024-29054 Microsoft Defender for IoT Elevation of Privilege Vulnerability Link Added an FAQ. This is an informational change only.
CVE-2024-26193 Azure Migrate Remote Code Execution Vulnerability Link Information published.
CVE-2024-20688 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-20693 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-20669 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-20665 BitLocker Security Feature Bypass Vulnerability Link Information published.
CVE-2024-20678 Remote Procedure Call Runtime Remote Code Execution Vulnerability Link Information published.
CVE-2024-21424 Azure Compute Gallery Elevation of Privilege Vulnerability Link Information published.
CVE-2024-21447 Windows Authentication Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26250 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26252 Windows rndismp6.sys Remote Code Execution Vulnerability Link Information published.
CVE-2024-26253 Windows rndismp6.sys Remote Code Execution Vulnerability Link Information published.
CVE-2024-26254 Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability Link Information published.
CVE-2024-26255 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link Information published.
CVE-2024-26256 libarchive Remote Code Execution Vulnerability Link Information published.
CVE-2024-26172 Windows DWM Core Library Information Disclosure Vulnerability Link Information published.
CVE-2024-26179 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-26200 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-26205 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-26158 Microsoft Install Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26232 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Link Information published.
CVE-2024-28920 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28922 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28921 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28919 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28923 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28896 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28898 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28901 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link Information published.
CVE-2024-28902 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link Information published.
CVE-2024-28903 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28905 Microsoft Brokering File System Elevation of Privilege Vulnerability Link Information published.
CVE-2024-29050 Windows Cryptographic Services Remote Code Execution Vulnerability Link Information published.
CVE-2024-29063 Azure AI Search Information Disclosure Vulnerability Link Information published.
CVE-2024-29064 Windows Hyper-V Denial of Service Vulnerability Link Information published.
CVE-2024-29066 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Link Information published.
CVE-2024-20685 Azure Private 5G Core Denial of Service Vulnerability Link Information published.
CVE-2024-23593 Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell Link Information published.
CVE-2024-23594 Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager Link Corrected CVE title. This is an informational change only.
CVE-2024-29988 SmartScreen Prompt Security Feature Bypass Vulnerability Link Information published.
CVE-2024-29990 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Link Information published.
ADV990001 Latest Servicing Stack Updates Link Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
CVE-2024-20689 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26168 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26171 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26175 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26180 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26183 Windows Kerberos Denial of Service Vulnerability Link Information published.
CVE-2024-26189 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26194 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26195 DHCP Server Service Remote Code Execution Vulnerability Link Information published.
CVE-2024-26202 DHCP Server Service Remote Code Execution Vulnerability Link Information published.
CVE-2024-26209 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Link Information published.
CVE-2024-26218 Windows Kernel Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26219 HTTP.sys Denial of Service Vulnerability Link Information published.
CVE-2024-26220 Windows Mobile Hotspot Information Disclosure Vulnerability Link Information published.
CVE-2024-26221 Windows DNS Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26222 Windows DNS Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26223 Windows DNS Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26224 Windows DNS Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26227 Windows DNS Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26231 Windows DNS Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26233 Windows DNS Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26241 Win32k Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26243 Windows USB Print Driver Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26248 Windows Kerberos Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26210 Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26229 Windows CSC Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26235 Windows Update Stack Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26236 Windows Update Stack Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26237 Windows Defender Credential Guard Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26242 Windows Telephony Server Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26244 Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability Link Information published.
CVE-2024-26245 Windows SMB Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26207 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link Information published.
CVE-2024-26208 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Link Information published.
CVE-2024-26211 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26212 DHCP Server Service Denial of Service Vulnerability Link Information published.
CVE-2024-26213 Microsoft Brokering File System Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26214 Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability Link Information published.
CVE-2024-26215 DHCP Server Service Denial of Service Vulnerability Link Information published.
CVE-2024-26216 Windows File Server Resource Management Service Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26217 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link Information published.
CVE-2024-26226 Windows Distributed File System (DFS) Information Disclosure Vulnerability Link Information published.
CVE-2024-26228 Windows Cryptographic Services Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26230 Windows Telephony Server Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26239 Windows Telephony Server Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26240 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-26251 Microsoft SharePoint Server Spoofing Vulnerability Link Information published.
CVE-2024-28924 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28925 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28897 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-28900 Windows Remote Access Connection Manager Information Disclosure Vulnerability Link Information published.
CVE-2024-28904 Microsoft Brokering File System Elevation of Privilege Vulnerability Link Information published.
CVE-2024-28907 Microsoft Brokering File System Elevation of Privilege Vulnerability Link Information published.
CVE-2024-28917 Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability Link Information published.
CVE-2024-29052 Windows Storage Elevation of Privilege Vulnerability Link Information published.
CVE-2024-29056 Windows Authentication Elevation of Privilege Vulnerability Link Information published.
CVE-2024-29061 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-29062 Secure Boot Security Feature Bypass Vulnerability Link Information published.
CVE-2024-20670 Outlook for Windows Spoofing Vulnerability Link Information published.
CVE-2024-29989 Azure Monitor Agent Elevation of Privilege Vulnerability Link Information published.
CVE-2024-29992 Azure Identity Library for .NET Information Disclosure Vulnerability Link Information published.
CVE-2024-29993 Azure CycleCloud Elevation of Privilege Vulnerability Link Information published.
CVE-2024-29981 Microsoft Edge (Chromium-based) Spoofing Vulnerability Link Information published.
Chromium: CVE-2024-3156 Inappropriate implementation in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3158 Use after free in Bookmarks Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-3159 Out of bounds memory access in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-29049 Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability Link Information published.
Chromium: CVE-2024-2883 Use after free in ANGLE Link Removed the sentence regarding active attacks because Google was not aware of active attacks using this vulnerability. This is an informational change only.
Chromium: CVE-2024-2883 Use after free in ANGLE Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware that an exploit for CVE-2024-2883 exists in the wild.
Chromium: CVE-2024-2885 Use after free in Dawn Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-2886 Use after free in WebCodecs Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-2887 Type Confusion in WebAssembly Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-29059 .NET Framework Information Disclosure Vulnerability Link Information published. This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates. This is an informational change only. Customers who have already installed the January 2024 updates do not need to take any further action.
CVE-2024-28916 Xbox Gaming Services Elevation of Privilege Vulnerability Link Information published.
CVE-2024-26247 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Link Information published.
CVE-2024-29057 Microsoft Edge (Chromium-based) Spoofing Vulnerability Link Information published.
Chromium: CVE-2024-2625 Object lifecycle issue in V8 Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-2626 Out of bounds read in Swiftshader Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-2627 Use after free in Canvas Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-2628 Inappropriate implementation in Downloads Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-2629 Incorrect security UI in iOS Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-2630 Inappropriate implementation in iOS Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-2631 Inappropriate implementation in iOS Link This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability Link The security update 1.38 for Azure Connected Machine Agent is now available. See the Security Updates table for more information.
CVE-2024-26163 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Link In the Security Updates table, added Microsoft Edge (Chromium-based) Extended Stable because this version of Microsoft Edge (Chromium-based) is also affected by this vulnerability. Microsoft strongly recommends that customers running Microsoft Edge (Chromium-based) install the updates to be fully protected from the vulnerability.
CVE-2024-26246 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Link Updated CVE Tag. This is an informational change only.