On September 10, 2024, Microsoft published security advisories to address vulnerabilities in multiple products. The release includes updates for the following products:
• Azure Connected Machine Agent
• Azure CycleCloud – multiple versions and platforms
• Azure Health Bot
• Azure Network Watcher VM Extension for Windows
• Azure Stack Hub
• Azure Web Apps
• Microsoft 365 Apps for Enterprise – multiple platforms
• Microsoft AutoUpdate for Mac
• Microsoft Dynamics 365 (on-premises) – version 9.1
• Microsoft Dynamics 365 Business Central 2023 Release Wave 1
• Microsoft Excel 2016
• Microsoft Office – multiple versions and platforms
• Microsoft Outlook 2016 – multiple platforms
• Microsoft Project 2016 – multiple platforms
• Microsoft Publisher 2016
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SQL Server – multiple versions and platforms
• Microsoft Teams for iOS
• Microsoft Visio 2016 – multiple platforms
• Microsoft Visual Studio 2022 – multiple versions
• .NET – version 8.0
• Power Automate for Desktop
• Remote Desktop client for Windows Desktop
• Windows 10 – multiple versions and platforms
• Windows 11 – multiple versions and platforms
• Windows Server – multiple versions and platforms
Microsoft has indicated that the vulnerabilities CVE-2024-38226, CVE-2024-43491, CVE-2024-38014 and CVE-2024-38217 have been exploited.
Name | CVE number | Severity (CVSS score) | CVSS vector |
Windows TCP/IP | CVE-2024-21416 | 8.1 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-26186 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-26191 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Security Zone Mapping | CVE-2024-30073 | 7.8 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37335 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37337 | 7.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37338 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37339 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37340 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37341 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37342 | 7.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37965 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37966 | 7.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C |
SQL Server | CVE-2024-37980 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Installer | CVE-2024-38014 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Office SharePoint | CVE-2024-38018 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows TCP/IP | CVE-2024-38045 | 8.1 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows PowerShell | CVE-2024-38046 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Network Address Translation (NAT) | CVE-2024-38119 | 7.5 | AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Azure Network Watcher | CVE-2024-38188 | 7.1 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Azure Web Apps | CVE-2024-38194 | 8.4 | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C |
Azure Stack | CVE-2024-38216 | 8.2 | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C |
Windows Mark of the Web (MOTW) | CVE-2024-38217 | 5.4 | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
Azure Stack | CVE-2024-38220 | 9.0 | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Dynamics Business Central | CVE-2024-38225 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Office Publisher | CVE-2024-38226 | 7.3 | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Office SharePoint | CVE-2024-38227 | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Office SharePoint | CVE-2024-38228 | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Standards-Based Storage Management Service | CVE-2024-38230 | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Windows Remote Desktop Licensing Service | CVE-2024-38231 | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Windows Network Virtualization | CVE-2024-38232 | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Windows Network Virtualization | CVE-2024-38233 | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Windows Network Virtualization | CVE-2024-38234 | 6.5 | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Role: Windows Hyper-V | CVE-2024-38235 | 6.5 | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Windows DHCP Server | CVE-2024-38236 | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Microsoft Streaming Service | CVE-2024-38237 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Streaming Service | CVE-2024-38238 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Kerberos | CVE-2024-38239 | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Remote Access Connection Manager | CVE-2024-38240 | 8.1 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Streaming Service | CVE-2024-38241 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Streaming Service | CVE-2024-38242 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Streaming Service | CVE-2024-38243 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Streaming Service | CVE-2024-38244 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Streaming Service | CVE-2024-38245 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Win32K – GRFX | CVE-2024-38246 | 7.0 | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Graphics Component | CVE-2024-38247 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Storage | CVE-2024-38248 | 7.0 | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Microsoft Graphics Component | CVE-2024-38249 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Graphics Component | CVE-2024-38250 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Win32K – ICOMP | CVE-2024-38252 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Win32K – ICOMP | CVE-2024-38253 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Authentication Methods | CVE-2024-38254 | 5.5 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Windows Kernel-Mode Drivers | CVE-2024-38256 | 5.5 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Windows AllJoyn API | CVE-2024-38257 | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Windows Remote Desktop Licensing Service | CVE-2024-38258 | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Microsoft Management Console | CVE-2024-38259 | 8.8 | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Remote Desktop Licensing Service | CVE-2024-38260 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Remote Desktop Licensing Service | CVE-2024-38263 | 7.5 | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Remote Desktop Licensing Service | CVE-2024-43454 | 7.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C |
Windows Remote Desktop Licensing Service | CVE-2024-43455 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Setup and Deployment | CVE-2024-43457 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Network Virtualization | CVE-2024-43458 | 7.7 | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Windows MSHTML Platform | CVE-2024-43461 | 8.8 | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Office Visio | CVE-2024-43463 | 7.8 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Office SharePoint | CVE-2024-43464 | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Office Excel | CVE-2024-43465 | 7.8 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Office SharePoint | CVE-2024-43466 | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Windows Remote Desktop Licensing Service | CVE-2024-43467 | 7.5 | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Azure CycleCloud | CVE-2024-43469 | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Azure Network Watcher | CVE-2024-43470 | 7.3 | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
SQL Server | CVE-2024-43474 | 7.6 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C |
Windows Admin Center | CVE-2024-43475 | 7.3 | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Microsoft Dynamics 365 (on-premises) | CVE-2024-43476 | 7.6 | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Power Automate | CVE-2024-43479 | 8.5 | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft Outlook for iOS | CVE-2024-43482 | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Windows Mark of the Web (MOTW) | CVE-2024-43487 | 6.5 | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
Windows Update | CVE-2024-43491 | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Microsoft AutoUpdate (MAU) | CVE-2024-43492 | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Windows Libarchive | CVE-2024-43495 | 7.3 | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |