FVM will include the Microsoft Patch Tuesday checks in the NIRV 4.56.0 and FVM Agent 2.17.
- Microsoft addressed 70 vulnerabilities this release, including 16 rated as Critical.
- CVE-2024-49138 – Microsoft has disclosed an actively exploited vulnerability that allows attackers to gain SYSTEM privileges on Windows devices. No further information is provided from Microsoft on how the security vulnerability was exploited in attacks at this moment.
| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
| CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability | System Center Operations Manager | Important | 7.3 | Elevation of Privilege | No | No |
| CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | Microsoft Defender for Endpoint | Important | 8.1 | Spoofing | No | No |
| CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability | Microsoft Office SharePoint | Important | 6.5 | Information Disclosure | No | No |
| CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | Microsoft Office SharePoint | Important | 8.2 | Elevation of Privilege | No | No |
| CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft Office SharePoint | Important | 7.4 | Remote Code Execution | No | No |
| CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Windows Mobile Broadband | Important | 6.8 | Elevation of Privilege | No | No |
| CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Windows Kernel-Mode Drivers | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | Windows Mobile Broadband | Important | 4.6 | Information Disclosure | No | No |
| CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 7.2 | Remote Code Execution | No | No |
| CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | Role: DNS Server | Important | 7.2 | Remote Code Execution | No | No |
| CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Windows Mobile Broadband | Important | 6.8 | Elevation of Privilege | No | No |
| CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Windows Resilient File System (ReFS) | Important | 8.8 | Elevation of Privilege | No | No |
| CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Windows Wireless Wide Area Network Service | Important | 6.6 | Elevation of Privilege | No | No |
| CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Windows PrintWorkflowUserSvc | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Windows Wireless Wide Area Network Service | Important | 4.3 | Information Disclosure | No | No |
| CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Windows Wireless Wide Area Network Service | Important | 4.3 | Information Disclosure | No | No |
| CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Windows Wireless Wide Area Network Service | Important | 6.6 | Elevation of Privilege | No | No |
| CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Windows Wireless Wide Area Network Service | Important | 4.3 | Information Disclosure | No | No |
| CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop Services | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | WmsRepair Service | Important | 7.3 | Elevation of Privilege | No | No |
| CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop Services | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Windows Wireless Wide Area Network Service | Important | 6.6 | Elevation of Privilege | No | No |
| CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop Services | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Role: Windows Hyper-V | Critical | 8.8 | Remote Code Execution | No | No |
| CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop Services | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop Services | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Windows LDAP – Lightweight Directory Access Protocol | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Windows Message Queuing | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop Services | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Windows LDAP – Lightweight Directory Access Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Windows Local Security Authority Subsystem Service (LSASS) | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Windows Remote Desktop Services | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | Microsoft Office Access | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability | Microsoft Office SharePoint | Important | 6.5 | Information Disclosure | No | No |
| CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | GitHub | Important | 8.4 | Remote Code Execution | No | No |
| CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | Microsoft Office Word | Important | 5.5 | Remote Code Execution | No | No |
| CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | Windows Task Scheduler | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | Windows Remote Desktop Services | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Windows Virtualization-Based Security (VBS) Enclave | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Windows Mobile Broadband | Important | 6.8 | Elevation of Privilege | No | No |
| CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Windows Mobile Broadband | Important | 6.8 | Elevation of Privilege | No | No |
| CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | Microsoft Office Publisher | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Windows IP Routing Management Snapin | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Windows Wireless Wide Area Network Service | Important | 6.6 | Elevation of Privilege | No | No |
| CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability | Windows File Explorer | Important | 6.8 | Information Disclosure | No | No |
| CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Windows Mobile Broadband | Important | 6.8 | Elevation of Privilege | No | No |
| CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Windows PrintWorkflowUserSvc | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Windows Wireless Wide Area Network Service | Important | 6.6 | Elevation of Privilege | No | No |
| CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Windows Mobile Broadband | Important | 6.8 | Elevation of Privilege | No | No |
| CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Windows LDAP – Lightweight Directory Access Protocol | Critical | 9.8 | Remote Code Execution | No | No |
| CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Windows LDAP – Lightweight Directory Access Protocol | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop Services | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Windows Message Queuing | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Windows LDAP – Lightweight Directory Access Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Windows Remote Desktop Services | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | Yes | Yes |
Quickly Find and Fix Your Most At-Risk Weaknesses
Watch this demo to see how Fortra VM can help.