OCTOBER 2024 - Critical Security Vulnerabilities in Microsoft
In October 2024, a series of severe security vulnerabilities were identified in various software and systems. These vulnerabilities, particularly affecting Microsoft products, pose significant risks such as remote code execution, denial of service (DoS), and authentication errors. Below is a summary of these vulnerabilities, including brief descriptions and their severity levels.
CVE-2024-43560 - Windows Storage Port Driver Privilege Escalation
Issue: Privilege escalation vulnerability in Microsoft Windows Storage Port Driver.
Affected Systems: Microsoft Windows
Description: The Windows Storage Port Driver is at risk of privilege escalation.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 7.8)
CVE-2024-43544 - SCEP Service DoS Vulnerability
Issue: Denial of Service (DoS) vulnerability in Microsoft Simple Certificate Enrollment Protocol (SCEP) Service.
Affected Systems: Microsoft Windows
Description: This vulnerability could render the Microsoft SCEP service inoperable.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 7.5)
CVE-2024-43541 - SCEP Service DoS Vulnerability
Issue: Denial of Service (DoS) vulnerability in Microsoft Simple Certificate Enrollment Protocol (SCEP) Service.
Affected Systems: Microsoft Windows
Description: Similar to CVE-2024-43544, this vulnerability targets the SCEP service, potentially causing disruptions.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 7.5)
CVE-2024-43519 - WDAC OLE DB SQL Server Remote Code Execution
Issue: Remote Code Execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server.
Affected Systems: Microsoft SQL Server
Description: This vulnerability allows remote code execution via the WDAC OLE DB provider.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 8.8)
CVE-2024-43517 - ActiveX Data Objects Remote Code Execution
Issue: Remote Code Execution vulnerability in Microsoft ActiveX Data Objects.
Affected Systems: Microsoft Windows
Description: Exploits using ActiveX data objects can enable remote code execution.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 8.8)
CVE-2024-43505 - Office Visio Remote Code Execution
Issue: Remote Code Execution vulnerability in Microsoft Office Visio.
Affected Systems: Microsoft Office Visio
Description: This vulnerability in Microsoft Office Visio allows remote code execution.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 7.8)
CVE-2024-43504 - Excel Remote Code Execution
Issue: Remote Code Execution vulnerability in Microsoft Excel.
Affected Systems: Microsoft Excel
Description: This vulnerability enables remote code execution in Excel.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 7.8)
CVE-2024-43503 - SharePoint Privilege Escalation
Issue: Privilege escalation vulnerability in Microsoft SharePoint.
Affected Systems: Microsoft SharePoint
Description: This vulnerability increases the risk of privilege escalation through SharePoint.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 7.8)
CVE-2024-43468 - Configuration Manager Remote Code Execution
Issue: Remote Code Execution vulnerability in Microsoft Configuration Manager.
Affected Systems: Microsoft Configuration Manager
Description: This vulnerability allows remote code execution through Configuration Manager.
Publication Date: October 8, 2024
Threat Level: Critical (V3.1: 9.8)
CVE-2024-38029 - OpenSSH Windows Remote Code Execution
Issue: Remote Code Execution vulnerability in Microsoft OpenSSH for Windows.
Affected Systems: Microsoft Windows OpenSSH
Description: This vulnerability permits remote code execution using OpenSSH on Windows.
Publication Date: October 8, 2024
Threat Level: High (V3.1: 7.5)