Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.54.0 and FVM Agent 2.15 releases.
- Microsoft addressed 89 vulnerabilities in this release, including 4 rated as Critical and 51 Remote Code Execution vulnerabilities.
- This release also includes fixes for two vulnerabilities that have been publicly disclosed and exploited in the wild.
- CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability
- When a user interacts with a malicious file, their NTLMv2 hash could be disclosed.
- CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability
- An attacker could elevate privileges via running a crafted application.
- In addition, this release includes another publicly disclosed vulnerability.
- CVE-2024-49040 Microsoft Exchange Server Spoofing Vulnerability
- An attacker could spoof a forged email sender as legitimate via a crafted P2 FROM header.
- CVE-2024-49040 Microsoft Exchange Server Spoofing Vulnerability
- CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability
CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability | Windows Update Stack | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability | Azure CycleCloud | Important | 9.9 | Remote Code Execution | No | No |
CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | Windows VMSwitch | Critical | 8.1 | Elevation of Privilege | No | No |
CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability | Windows Telephony Service | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability | Windows Telephony Service | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability | Windows Telephony Service | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Windows Secure Kernel Mode | Important | 6.7 | Elevation of Privilege | No | No |
CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Windows USB Video Driver | Important | 6.8 | Elevation of Privilege | No | No |
CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Windows USB Video Driver | Important | 6.8 | Elevation of Privilege | No | No |
CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Windows USB Video Driver | Important | 6.8 | Elevation of Privilege | No | No |
CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Windows USB Video Driver | Important | 6.8 | Elevation of Privilege | No | No |
CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Windows CSC Service | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | Windows Defender Application Control (WDAC) | Important | 6.7 | Security Feature Bypass | No | No |
CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Windows Secure Kernel Mode | Important | 6.7 | Elevation of Privilege | No | No |
CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability | Windows SMBv3 Client/Server | Important | 8.1 | Remote Code Execution | No | No |
CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Windows USB Video Driver | Important | 6.8 | Elevation of Privilege | No | No |
CVE-2024-43450 | Windows DNS Spoofing Vulnerability | Microsoft Windows DNS | Important | 7.5 | Spoofing | No | No |
CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | Windows NTLM | Important | 6.5 | Spoofing | Yes | Yes |
CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability | Windows Registry | Important | 7.5 | Elevation of Privilege | No | No |
CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | Microsoft Virtual Hard Drive | Important | 5.9 | Denial of Service | No | No |
CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | Microsoft Exchange Server | Important | 7.5 | Spoofing | No | Yes |
CVE-2024-49042 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | Azure Database for PostgreSQL | Important | 7.2 | Elevation of Privilege | No | No |
CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability | Visual Studio | Important | 6.7 | Elevation of Privilege | No | No |
CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Windows Win32 Kernel Subsystem | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | Visual Studio Code | Moderate | 7.1 | Elevation of Privilege | No | No |
CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability | Airlift.microsoft.com | Critical | 7.3 | Elevation of Privilege | No | No |
CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | LightGBM | Important | 7.5 | Remote Code Execution | No | No |
CVE-2024-43613 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | Azure Database for PostgreSQL | Important | 7.2 | Elevation of Privilege | No | No |
CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability | Windows Telephony Service | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability | Windows Telephony Service | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability | Windows Telephony Service | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Role: Windows Hyper-V | Important | 8.8 | Elevation of Privilege | No | No |
CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | Windows DWM Core Library | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability | Role: Windows Hyper-V | Important | 6.5 | Denial of Service | No | No |
CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability | Windows Telephony Service | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability | Windows DWM Core Library | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability | Windows Kerberos | Critical | 9.8 | Remote Code Execution | No | No |
CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Windows Secure Kernel Mode | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability | Windows Registry | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-43642 | Windows SMB Denial of Service Vulnerability | Windows SMB | Important | 7.5 | Denial of Service | No | No |
CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability | Windows Package Library Manager | Important | 6.2 | Information Disclosure | No | No |
CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Role: Windows Active Directory Certificate Services | Important | 7.8 | Elevation of Privilege | No | Yes |
CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability | Microsoft Graphics Component | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | Microsoft Graphics Component | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | Microsoft Office Word | Important | 7.5 | Security Feature Bypass | No | No |
CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | Windows Task Scheduler | Important | 8.8 | Elevation of Privilege | Yes | No |
CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | TorchGeo | Important | 8.1 | Remote Code Execution | No | No |
CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Visual Studio Code | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability | Microsoft PC Manager | Important | 7.8 | Elevation of Privilege | No | No |
ADV240001 | Microsoft SharePoint Server Defense in Depth Update | Microsoft Office SharePoint | None | N/A | Defense in Depth | No | No |
CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Critical | 9.8 | Remote Code Execution | No | No |
CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability | .NET and Visual Studio | Important | 7.5 | Denial of Service | No | No |
Quickly Find and Fix Your Most At-Risk Weaknesses
Watch this demo to see how Fortra VM can help.