Frontline.Cloud will include the Microsoft Patch Tuesday checks in the NIRV 4.34.0 and Frontline Agent 2.3 releases.

  • Microsoft addressed 49 vulnerabilities in this release, including 2 rated as Critical and 12 Remote Code Execution vulnerabilities.
CVE/AdvisoryTitleTagMicrosoft Severity RatingBase ScoreMicrosoft ImpactExploitedPublicly Disclosed
CVE-2024-20666BitLocker Security Feature Bypass VulnerabilityWindows BitLockerImportant6.6Security Feature BypassNoNo
CVE-2024-20674Windows Kerberos Security Feature Bypass VulnerabilityWindows Authentication MethodsCritical9Security Feature BypassNoNo
CVE-2024-20677Microsoft Office Remote Code Execution VulnerabilityMicrosoft OfficeImportant7.8Remote Code ExecutionNoNo
CVE-2024-20676Azure Storage Mover Remote Code Execution VulnerabilityAzure Storage MoverImportant8Remote Code ExecutionNoNo
CVE-2024-20654Microsoft ODBC Driver Remote Code Execution VulnerabilityWindows ODBC DriverImportant8Remote Code ExecutionNoNo
CVE-2024-20657Windows Group Policy Elevation of Privilege VulnerabilityWindows Group PolicyImportant7Elevation of PrivilegeNoNo
CVE-2024-20658Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityMicrosoft Virtual Hard DriveImportant7.8Elevation of PrivilegeNoNo
CVE-2024-20680Windows Message Queuing Client (MSMQC) Information DisclosureWindows Message QueuingImportant6.5Information DisclosureNoNo
CVE-2024-20682Windows Cryptographic Services Remote Code Execution VulnerabilityWindows Cryptographic ServicesImportant7.8Remote Code ExecutionNoNo
CVE-2024-20683Win32k Elevation of Privilege VulnerabilityWindows Win32KImportant7.8Elevation of PrivilegeNoNo
CVE-2024-20690Windows Nearby Sharing Spoofing VulnerabilityWindows Nearby SharingImportant6.5SpoofingNoNo
CVE-2024-20691Windows Themes Information Disclosure VulnerabilityWindows ThemesImportant4.7Information DisclosureNoNo
CVE-2024-20694Windows CoreMessaging Information Disclosure  VulnerabilityWindows Collaborative Translation FrameworkImportant5.5Information DisclosureNoNo
CVE-2022-35737MITRE: CVE-2022-35737 SQLite allows an array-bounds overflowSQLiteImportantN/ARemote Code ExecutionNoNo
CVE-2024-20696Windows Libarchive Remote Code Execution VulnerabilityWindows LibarchiveImportant7.3Remote Code ExecutionNoNo
CVE-2024-20697Windows Libarchive Remote Code Execution VulnerabilityWindows LibarchiveImportant7.3Remote Code ExecutionNoNo
CVE-2024-20698Windows Kernel Elevation of Privilege VulnerabilityWindows KernelImportant7.8Elevation of PrivilegeNoNo
CVE-2024-20699Windows Hyper-V Denial of Service VulnerabilityWindows Hyper-VImportant5.5Denial of ServiceNoNo
CVE-2024-20700Windows Hyper-V Remote Code Execution VulnerabilityWindows Hyper-VCritical7.5Remote Code ExecutionNoNo
CVE-2024-21305Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass VulnerabilityUnified Extensible Firmware InterfaceImportant4.4Security Feature BypassNoNo
CVE-2024-21307Remote Desktop Client Remote Code Execution VulnerabilityRemote Desktop ClientImportant7.5Remote Code ExecutionNoNo
CVE-2024-21313Windows TCP/IP Information Disclosure VulnerabilityWindows TCP/IPImportant5.3Information DisclosureNoNo
CVE-2024-21325Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution VulnerabilityMicrosoft DevicesImportantN/ARemote Code ExecutionNoNo
CVE-2024-20672.NET Core and Visual Studio Denial of Service Vulnerability.NET Core & Visual StudioImportant7.5Denial of ServiceNoNo
CVE-2024-0056Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass VulnerabilitySQL ServerImportant8.7Repudiation:Security Feature BypassNoNo
CVE-2024-0057NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability.NET and Visual StudioImportant9.1Security Feature BypassNoNo
CVE-2024-20652Windows HTML Platforms Security Feature Bypass VulnerabilityWindows ScriptingImportant7.5Security Feature BypassNoNo
CVE-2024-20653Microsoft Common Log File System Elevation of Privilege VulnerabilityWindows Common Log File System DriverImportant7.8Elevation of PrivilegeNoNo
CVE-2024-20655Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution VulnerabilityWindows Online Certificate Status Protocol (OCSP) SnapInImportant6.6Remote Code ExecutionNoNo
CVE-2024-20656Visual Studio Elevation of Privilege VulnerabilityVisual StudioImportant7.8Elevation of PrivilegeNoNo
CVE-2024-20660Microsoft Message Queuing Information Disclosure VulnerabilityWindows Message QueuingImportant6.5Information DisclosureNoNo
CVE-2024-20661Microsoft Message Queuing Denial of Service VulnerabilityWindows Message QueuingImportant7.5Denial of ServiceNoNo
CVE-2024-20662Windows Online Certificate Status Protocol (OCSP) Information Disclosure VulnerabilityWindows Online Certificate Status Protocol (OCSP) SnapInImportant4.9Information DisclosureNoNo
CVE-2024-20663Windows Message Queuing Client (MSMQC) Information DisclosureWindows Message QueuingImportant6.5Information DisclosureNoNo
CVE-2024-20664Microsoft Message Queuing Information Disclosure VulnerabilityWindows Message QueuingImportant6.5Information DisclosureNoNo
CVE-2024-21316Windows Server Key Distribution Service Security Feature BypassWindows Server Key Distribution ServiceImportant6.1Security Feature BypassNoNo
CVE-2024-20681Windows Subsystem for Linux Elevation of Privilege VulnerabilityWindows Subsystem for LinuxImportant7.8Elevation of PrivilegeNoNo
CVE-2024-20686Win32k Elevation of Privilege VulnerabilityWindows Win32 Kernel SubsystemImportant7.8Elevation of PrivilegeNoNo
CVE-2024-20687Microsoft AllJoyn API Denial of Service VulnerabilityWindows AllJoyn APIImportant7.5Denial of ServiceNoNo
CVE-2024-20692Microsoft Local Security Authority Subsystem Service Information Disclosure VulnerabilityWindows Local Security Authority Subsystem Service (LSASS)Important5.7Information DisclosureNoNo
CVE-2024-21306Microsoft Bluetooth Driver Spoofing VulnerabilityMicrosoft Bluetooth DriverImportant5.7SpoofingNoNo
CVE-2024-21309Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityWindows Kernel-Mode DriversImportant7.8Elevation of PrivilegeNoNo
CVE-2024-21310Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityWindows Cloud Files Mini Filter DriverImportant7.8Elevation of PrivilegeNoNo
CVE-2024-21311Windows Cryptographic Services Information Disclosure VulnerabilityWindows Cryptographic ServicesImportant5.5Information DisclosureNoNo
CVE-2024-21312.NET Framework Denial of Service Vulnerability.NET FrameworkImportant7.5Denial of ServiceNoNo
CVE-2024-21314Microsoft Message Queuing Information Disclosure VulnerabilityWindows Message QueuingImportant6.5Information DisclosureNoNo
CVE-2024-21318Microsoft SharePoint Server Remote Code Execution VulnerabilityMicrosoft Office SharePointImportant8.8Remote Code ExecutionNoNo
CVE-2024-21319Microsoft Identity Denial of service vulnerabilityMicrosoft Identity ServicesImportant6.8Denial of ServiceNoNo
CVE-2024-21320Windows Themes Spoofing VulnerabilityWindows ThemesImportant6.5SpoofingNoNo
     

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Frontline VM can help.