Download
Beveilingsadvies; NCSC-2024-0470 [1.0.0]
- Beveiligingsadvies
- NCSC-2024-0470 [1.0.0]
- Publicatie
- 10-12-2024 20:32 (Europe/Amsterdam)
- Prioriteit
- Normaal
- Betreft
- Kwetsbaarheden verholpen in Microsoft Windows
Kenmerken
- Sensitive Data Storage in Improperly Locked Memory
- Return of Wrong Status Code
- Insecure Default Variable Initialization
- Missing Synchronization
- Improper Link Resolution Before File Access ('Link Following')
- Integer Underflow (Wrap or Wraparound)
- Untrusted Pointer Dereference
- Buffer Over-read
- Double Free
- Access of Resource Using Incompatible Type ('Type Confusion')
- Integer Overflow or Wraparound
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- Out-of-bounds Read
- Improper Access Control
- Use After Free
- NULL Pointer Dereference
- Uncontrolled Resource Consumption
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- Heap-based Buffer Overflow
- Incorrect Conversion between Numeric Types
- Improper Input Validation
- Improper Authentication
Omschrijving
Microsoft heeft kwetsbaarheden verholpen in Windows.
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Uitvoer van willekeurige code (Gebruikersrechten)
- Uitvoer van willekeurige code (Systeemrechten)
- Verkrijgen van verhoogde rechten
- Toegang tot gevoelige gegevens
De ernstigste kwetsbaarheid heeft kenmerk CVE-2024-49112 toegewezen gekregen en bevindt zich in de LDAP-component van de Domain Controller. Een kwaadwillende kan de kwetsbaarheid misbruiken om zonder voorafgaande authenticatie uitvoer van willekeurige code mogelijk te maken middels een malafide LDAP-call. Succesvol misbruik vereist wel dat de kwaadwillende LAN-toegang tot de Domain Controller heeft.
Windows Kernel-Mode Drivers:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49074 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Remote Desktop Client:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49105 | 8.40 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Mobile Broadband:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49073 | 6.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-49087 | 4.60 | Toegang tot gevoelige gegevens |
| CVE-2024-49092 | 6.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-49077 | 6.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-49078 | 6.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-49083 | 6.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-49110 | 6.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows PrintWorkflowUserSvc:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49097 | 7.00 | Verkrijgen van verhoogde rechten |
| CVE-2024-49095 | 7.00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Kernel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49084 | 7.00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Remote Desktop:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49132 | 8.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Routing and Remote Access Service (RRAS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49085 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-49086 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-49089 | 7.20 | Uitvoeren van willekeurige code |
| CVE-2024-49102 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-49104 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-49125 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Role: DNS Server:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49091 | 7.20 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Role: Windows Hyper-V:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49117 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows LDAP - Lightweight Directory Access Protocol:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49121 | 7.50 | Denial-of-Service |
| CVE-2024-49124 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49112 | 9.80 | Uitvoeren van willekeurige code |
| CVE-2024-49113 | 7.50 | Denial-of-Service |
| CVE-2024-49127 | 8.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office Publisher:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49079 | 7.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows IP Routing Management Snapin:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49080 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Resilient File System (ReFS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49093 | 8.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Task Scheduler:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49072 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Remote Desktop Services:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49106 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49108 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49115 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49119 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49120 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49123 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49129 | 7.50 | Denial-of-Service |
| CVE-2024-49075 | 7.50 | Denial-of-Service |
| CVE-2024-49116 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49128 | 8.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Wireless Wide Area Network Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49094 | 6.60 | Verkrijgen van verhoogde rechten |
| CVE-2024-49098 | 4.30 | Toegang tot gevoelige gegevens |
| CVE-2024-49099 | 4.30 | Toegang tot gevoelige gegevens |
| CVE-2024-49101 | 6.60 | Verkrijgen van verhoogde rechten |
| CVE-2024-49103 | 4.30 | Toegang tot gevoelige gegevens |
| CVE-2024-49111 | 6.60 | Verkrijgen van verhoogde rechten |
| CVE-2024-49081 | 6.60 | Verkrijgen van verhoogde rechten |
| CVE-2024-49109 | 6.60 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
WmsRepair Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49107 | 7.30 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Local Security Authority Subsystem Service (LSASS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49126 | 8.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Message Queuing:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49096 | 7.50 | Denial-of-Service |
| CVE-2024-49122 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2024-49118 | 8.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Common Log File System Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49088 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-49090 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-49138 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Cloud Files Mini Filter Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49114 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Virtualization-Based Security (VBS) Enclave:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49076 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows File Explorer:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-49082 | 6.80 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
System Center Operations Manager:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-43594 | 7.30 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
CVE's
- CVE-2024-49073 - CVSS (v3) 6.8
- CVE-2024-49074 - CVSS (v3) 7.8
- CVE-2024-49084 - CVSS (v3) 7.0
- CVE-2024-49087 - CVSS (v3) 4.6
- CVE-2024-49089 - CVSS (v3) 7.2
- CVE-2024-49092 - CVSS (v3) 6.8
- CVE-2024-49094 - CVSS (v3) 6.6
- CVE-2024-49096 - CVSS (v3) 7.5
- CVE-2024-49097 - CVSS (v3) 7.0
- CVE-2024-49098 - CVSS (v3) 4.3
- CVE-2024-49099 - CVSS (v3) 4.3
- CVE-2024-49101 - CVSS (v3) 6.6
- CVE-2024-49102 - CVSS (v3) 8.8
- CVE-2024-49103 - CVSS (v3) 4.3
- CVE-2024-49104 - CVSS (v3) 8.8
- CVE-2024-49105
- CVE-2024-49107 - CVSS (v3) 7.3
- CVE-2024-49111 - CVSS (v3) 6.6
- CVE-2024-49121 - CVSS (v3) 7.5
- CVE-2024-49122 - CVSS (v3) 8.1
- CVE-2024-49123 - CVSS (v3) 8.1
- CVE-2024-49124 - CVSS (v3) 8.1
- CVE-2024-49126 - CVSS (v3) 8.1
- CVE-2024-49132 - CVSS (v3) 8.1
- CVE-2024-49072
- CVE-2024-49075
- CVE-2024-49076
- CVE-2024-49077 - CVSS (v3) 6.8
- CVE-2024-49078
- CVE-2024-49079 - CVSS (v3) 7.8
- CVE-2024-49080 - CVSS (v3) 8.8
- CVE-2024-49081 - CVSS (v3) 6.6
- CVE-2024-49082 - CVSS (v3) 6.8
- CVE-2024-49083
- CVE-2024-49088
- CVE-2024-49090
- CVE-2024-49095
- CVE-2024-49109
- CVE-2024-49110 - CVSS (v3) 6.8
- CVE-2024-49112
- CVE-2024-49113
- CVE-2024-49114
- CVE-2024-49118
- CVE-2024-49127
- CVE-2024-49138 - CVSS (v3) 7.8
- CVE-2024-49085 - CVSS (v3) 8.8
- CVE-2024-49086 - CVSS (v3) 8.8
- CVE-2024-49091 - CVSS (v3) 7.2
- CVE-2024-49106 - CVSS (v3) 8.1
- CVE-2024-49108 - CVSS (v3) 8.1
- CVE-2024-49115 - CVSS (v3) 8.1
- CVE-2024-49119 - CVSS (v3) 8.1
- CVE-2024-49120 - CVSS (v3) 8.1
- CVE-2024-49125 - CVSS (v3) 8.8
- CVE-2024-49129 - CVSS (v3) 7.5
- CVE-2024-49116
- CVE-2024-49128
- CVE-2024-49117 - CVSS (v3) 8.8
- CVE-2024-49093 - CVSS (v3) 8.8
- CVE-2024-43594 - CVSS (v3) 7.3
Disclaimer
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.