NCSC NL | Beveiligingsadviezen

Beveilingsadvies; NCSC-2024-0392 [1.0.0]

Beveiligingsadvies: NCSC-2024-0392 [1.0.0]
Publicatie: 08-10-2024 21:55 (Europe/Amsterdam)
Prioriteit: Normaal
Betreft: Kwetsbaarheden verholpen in Microsoft Windows

Kenmerken

Sensitive Data Storage in Improperly Locked Memory
Numeric Truncation Error
Incorrect Access of Indexable Resource ('Range Error')
Not Failing Securely ('Failing Open')
Free of Memory not on the Heap
Incorrect Check of Function Return Value
Improper Link Resolution Before File Access ('Link Following')
Improper Removal of Sensitive Information Before Storage or Transfer
Improper Restriction of Communication Channel to Intended Endpoints
Untrusted Pointer Dereference
Buffer Over-read
Improper Neutralization
Time-of-check Time-of-use (TOCTOU) Race Condition
Double Free
Use of Uninitialized Resource
URL Redirection to Untrusted Site ('Open Redirect')
Observable Discrepancy
Missing Cryptographic Step
Integer Overflow or Wraparound
Protection Mechanism Failure
Execution with Unnecessary Privileges
Improper Authorization
Out-of-bounds Read
Missing Authorization
Improper Access Control
Use After Free
NULL Pointer Dereference
Improper Certificate Validation
Inclusion of Functionality from Untrusted Control Sphere
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
Heap-based Buffer Overflow
Stack-based Buffer Overflow
External Control of File Name or Path
Loop with Unreachable Exit Condition ('Infinite Loop')
Improper Input Validation
Improper Authentication
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Omschrijving

Microsoft heeft kwetsbaarheden verholpen in Windows.

Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot onderstaande categorieën schade.

De ernstigste kwetsbaarheid heeft kenmerk CVE-2024-38124 toegewezen gekregen en bevindt zich in de NETLOGON functionaliteit. Succesvol misbruik is echter niet eenvoudig en vereist voorafgaande kennis van de infrastructuur en precieze timing, waarbij een randvoorwaarde van succes is dat er een nieuwe Domain Controller wordt ingericht.

Microsoft Simple Certificate Enrollment Protocol: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43541 | 7.50 | Denial-of-Service                   | 
| CVE-2024-43544 | 7.50 | Denial-of-Service                   | 
|----------------|------|-------------------------------------|

Windows cURL Implementation: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-6197  | 8.80 | Uitvoeren van willekeurige code,    | 
|----------------|------|-------------------------------------|

Windows Secure Channel: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43550 | 7.40 | Voordoen als andere gebruiker       | 
|----------------|------|-------------------------------------|

Windows Remote Desktop: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43582 | 8.10 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Microsoft ActiveX: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43517 | 8.80 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Windows Telephony Server: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43518 | 8.80 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Windows Remote Desktop Services: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43456 | 4.80 | Manipuleren van gegevens            | 
|----------------|------|-------------------------------------|

Windows MSHTML Platform: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43573 | 6.50 | Voordoen als andere gebruiker       | 
|----------------|------|-------------------------------------|

Windows Mobile Broadband: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43525 | 6.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43526 | 6.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43537 | 6.50 | Denial-of-Service                   | 
| CVE-2024-43538 | 6.50 | Denial-of-Service                   | 
| CVE-2024-43540 | 6.50 | Denial-of-Service                   | 
| CVE-2024-43542 | 6.50 | Denial-of-Service                   | 
| CVE-2024-43543 | 6.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43523 | 6.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43524 | 6.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43536 | 6.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43555 | 6.50 | Denial-of-Service                   | 
| CVE-2024-43557 | 6.50 | Denial-of-Service                   | 
| CVE-2024-43558 | 6.50 | Denial-of-Service                   | 
| CVE-2024-43559 | 6.50 | Denial-of-Service                   | 
| CVE-2024-43561 | 6.50 | Denial-of-Service                   | 
|----------------|------|-------------------------------------|

Windows Standards-Based Storage Management Service: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43512 | 6.50 | Denial-of-Service                   | 
|----------------|------|-------------------------------------|

Microsoft WDAC OLE DB provider for SQL: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43519 | 8.80 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Remote Desktop Client: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43533 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43599 | 8.80 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Windows Kernel-Mode Drivers: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43535 | 7.00 | Verkrijgen van verhoogde rechten    | 
| CVE-2024-43554 | 5.50 | Toegang tot gevoelige gegevens      | 
|----------------|------|-------------------------------------|

Code Integrity Guard: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43585 | 5.50 | Omzeilen van beveiligingsmaatregel  | 
|----------------|------|-------------------------------------|

Windows Print Spooler Components: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43529 | 7.30 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Resilient File System (ReFS): 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43500 | 5.50 | Toegang tot gevoelige gegevens      | 
|----------------|------|-------------------------------------|

Microsoft Management Console: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43572 | 7.80 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

RPC Endpoint Mapper Service: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43532 | 8.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Microsoft Graphics Component: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43508 | 5.50 | Toegang tot gevoelige gegevens      | 
| CVE-2024-43534 | 6.50 | Toegang tot gevoelige gegevens      | 
| CVE-2024-43509 | 7.80 | Verkrijgen van verhoogde rechten    | 
| CVE-2024-43556 | 7.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Local Security Authority (LSA): 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43522 | 7.00 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Sudo for Windows: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43571 | 5.60 | Voordoen als andere gebruiker       | 
|----------------|------|-------------------------------------|

Windows Scripting: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43584 | 7.70 | Omzeilen van beveiligingsmaatregel  | 
|----------------|------|-------------------------------------|

Winlogon: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43583 | 7.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Kerberos: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-38129 | 7.50 | Verkrijgen van verhoogde rechten    | 
| CVE-2024-43547 | 6.50 | Toegang tot gevoelige gegevens      | 
|----------------|------|-------------------------------------|

Windows Cryptographic Services: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43546 | 5.60 | Toegang tot gevoelige gegevens      | 
|----------------|------|-------------------------------------|

Windows Routing and Remote Access Service (RRAS): 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-38261 | 7.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43608 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43607 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-38265 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43453 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-38212 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43549 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43564 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43589 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43592 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43593 | 8.80 | Uitvoeren van willekeurige code     | 
| CVE-2024-43611 | 8.80 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Windows EFI Partition: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-37976 | 6.70 | Omzeilen van beveiligingsmaatregel  | 
| CVE-2024-37982 | 6.70 | Omzeilen van beveiligingsmaatregel  | 
| CVE-2024-37983 | 6.70 | Omzeilen van beveiligingsmaatregel  | 
|----------------|------|-------------------------------------|

Role: Windows Hyper-V: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-20659 | 7.10 | Omzeilen van beveiligingsmaatregel  | 
| CVE-2024-43521 | 7.50 | Denial-of-Service                   | 
| CVE-2024-43567 | 7.50 | Denial-of-Service                   | 
| CVE-2024-43575 | 7.50 | Denial-of-Service                   | 
|----------------|------|-------------------------------------|

Windows Hyper-V: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-30092 | 8.00 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Windows NT OS Kernel: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43553 | 7.40 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Network Address Translation (NAT): 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43562 | 7.50 | Denial-of-Service                   | 
| CVE-2024-43565 | 7.50 | Denial-of-Service                   | 
|----------------|------|-------------------------------------|

Windows Remote Desktop Licensing Service: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-38262 | 7.50 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

OpenSSH for Windows: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43581 | 7.10 | Uitvoeren van willekeurige code     | 
| CVE-2024-43615 | 7.10 | Uitvoeren van willekeurige code     | 
| CVE-2024-38029 | 7.50 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Windows NTFS: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43514 | 7.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Netlogon: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-38124 | 9.00 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Storage Port Driver: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43560 | 7.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Common Log File System Driver: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43501 | 7.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Secure Kernel Mode: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43516 | 7.80 | Verkrijgen van verhoogde rechten    | 
| CVE-2024-43528 | 7.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Microsoft Windows Speech: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43574 | 8.30 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

Windows Ancillary Function Driver for WinSock: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43563 | 7.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows BitLocker: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43513 | 6.40 | Omzeilen van beveiligingsmaatregel  | 
|----------------|------|-------------------------------------|

Windows Online Certificate Status Protocol (OCSP): 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43545 | 7.50 | Denial-of-Service                   | 
|----------------|------|-------------------------------------|

Internet Small Computer Systems Interface (iSCSI): 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43515 | 7.50 | Denial-of-Service                   | 
|----------------|------|-------------------------------------|

Windows Kernel: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43502 | 7.10 | Verkrijgen van verhoogde rechten    | 
| CVE-2024-43527 | 7.80 | Verkrijgen van verhoogde rechten    | 
| CVE-2024-37979 | 6.70 | Verkrijgen van verhoogde rechten    | 
| CVE-2024-43511 | 7.00 | Verkrijgen van verhoogde rechten    | 
| CVE-2024-43520 | 5.00 | Denial-of-Service                   | 
| CVE-2024-43570 | 6.40 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Azure Stack: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-38179 | 8.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Storage: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43551 | 7.80 | Verkrijgen van verhoogde rechten    | 
|----------------|------|-------------------------------------|

Windows Shell: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43552 | 7.30 | Uitvoeren van willekeurige code     | 
|----------------|------|-------------------------------------|

BranchCache: 
|----------------|------|-------------------------------------|
| CVE-ID         | CVSS | Impact                              |
|----------------|------|-------------------------------------|
| CVE-2024-43506 | 7.50 | Denial-of-Service                   | 
| CVE-2024-38149 | 7.50 | Denial-of-Service                   | 
|----------------|------|-------------------------------------|

Oplossingen

Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:

https://portal.msrc.microsoft.com/en-us/security-guidance

CVE's

CVE-2024-43516 - CVSS (v3) 7.8
CVE-2024-43502 - CVSS (v3) 7.1
CVE-2024-43506 - CVSS (v3) 7.5
CVE-2024-43513 - CVSS (v3) 6.4
CVE-2024-43515 - CVSS (v3) 7.5
CVE-2024-43518 - CVSS (v3) 8.8
CVE-2024-43519 - CVSS (v3) 8.8
CVE-2024-43525 - CVSS (v3) 6.8
CVE-2024-43526 - CVSS (v3) 6.8
CVE-2024-43532 - CVSS (v3) 8.8
CVE-2024-43534 - CVSS (v3) 6.5
CVE-2024-43535 - CVSS (v3) 7.0
CVE-2024-43537 - CVSS (v3) 6.5
CVE-2024-43538 - CVSS (v3) 6.5
CVE-2024-43540 - CVSS (v3) 6.5
CVE-2024-43542 - CVSS (v3) 6.5
CVE-2024-43543 - CVSS (v3) 6.8
CVE-2024-43554 - CVSS (v3) 5.5
CVE-2024-43573 - CVSS (v3) 6.5
CVE-2024-43581 - CVSS (v3) 7.1
CVE-2024-6197
CVE-2024-43615 - CVSS (v3) 7.1
CVE-2024-37976 - CVSS (v3) 6.7
CVE-2024-37982 - CVSS (v3) 6.7
CVE-2024-37983 - CVSS (v3) 6.7
CVE-2024-38149 - CVSS (v3) 7.5
CVE-2024-43501 - CVSS (v3) 7.8
CVE-2024-43509 - CVSS (v3) 7.8
CVE-2024-43511 - CVSS (v3) 7.0
CVE-2024-43514 - CVSS (v3) 7.8
CVE-2024-43517 - CVSS (v3) 8.8
CVE-2024-43520 - CVSS (v3) 5.0
CVE-2024-43523 - CVSS (v3) 6.8
CVE-2024-43524 - CVSS (v3) 6.8
CVE-2024-43528 - CVSS (v3) 7.8
CVE-2024-43536 - CVSS (v3) 6.8
CVE-2024-43547 - CVSS (v3) 6.5
CVE-2024-43550 - CVSS (v3) 7.4
CVE-2024-43551 - CVSS (v3) 7.8
CVE-2024-43553 - CVSS (v3) 7.4
CVE-2024-43555 - CVSS (v3) 6.5
CVE-2024-43556 - CVSS (v3) 7.8
CVE-2024-43557 - CVSS (v3) 6.5
CVE-2024-43558 - CVSS (v3) 6.5
CVE-2024-43559 - CVSS (v3) 6.5
CVE-2024-43560 - CVSS (v3) 7.8
CVE-2024-43561 - CVSS (v3) 6.5
CVE-2024-43562 - CVSS (v3) 7.5
CVE-2024-43563 - CVSS (v3) 7.8
CVE-2024-43565 - CVSS (v3) 7.5
CVE-2024-43570 - CVSS (v3) 6.4
CVE-2024-43572 - CVSS (v3) 7.8
CVE-2024-43582 - CVSS (v3) 8.1
CVE-2024-43585 - CVSS (v3) 5.5
CVE-2024-43599 - CVSS (v3) 8.8
CVE-2024-43583 - CVSS (v3) 7.8
CVE-2024-20659 - CVSS (v3) 7.1
CVE-2024-30092 - CVSS (v3) 8.0
CVE-2024-38261 - CVSS (v3) 7.8
CVE-2024-43541 - CVSS (v3) 7.5
CVE-2024-43608 - CVSS (v3) 8.8
CVE-2024-43607 - CVSS (v3) 8.8
CVE-2024-37979 - CVSS (v3) 6.7
CVE-2024-38124 - CVSS (v3) 9.0
CVE-2024-38265 - CVSS (v3) 8.8
CVE-2024-38262 - CVSS (v3) 7.5
CVE-2024-43453 - CVSS (v3) 8.8
CVE-2024-38212 - CVSS (v3) 8.8
CVE-2024-43456 - CVSS (v3) 4.8
CVE-2024-43512 - CVSS (v3) 6.5
CVE-2024-43521 - CVSS (v3) 7.5
CVE-2024-43544 - CVSS (v3) 7.5
CVE-2024-43545 - CVSS (v3) 7.5
CVE-2024-43549 - CVSS (v3) 8.8
CVE-2024-43564 - CVSS (v3) 8.8
CVE-2024-43567 - CVSS (v3) 7.5
CVE-2024-43575 - CVSS (v3) 7.5
CVE-2024-43589 - CVSS (v3) 8.8
CVE-2024-43592 - CVSS (v3) 8.8
CVE-2024-43593 - CVSS (v3) 8.8
CVE-2024-43611 - CVSS (v3) 8.8
CVE-2024-43529 - CVSS (v3) 7.3
CVE-2024-43533 - CVSS (v3) 8.8
CVE-2024-43546 - CVSS (v3) 5.6
CVE-2024-43574 - CVSS (v3) 8.3
CVE-2024-43584 - CVSS (v3) 7.7
CVE-2024-38179 - CVSS (v3) 8.8
CVE-2024-43508 - CVSS (v3) 5.5
CVE-2024-43500 - CVSS (v3) 5.5
CVE-2024-43522 - CVSS (v3) 7.0
CVE-2024-43552 - CVSS (v3) 7.3
CVE-2024-38029 - CVSS (v3) 7.5
CVE-2024-38129 - CVSS (v3) 7.5
CVE-2024-43527 - CVSS (v3) 7.8
CVE-2024-43571 - CVSS (v3) 5.6

Disclaimer

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.