10 września 2024 r. firma Microsoft opublikowała ostrzeżenia dotyczące bezpieczeństwa, aby uporać się z lukami w zabezpieczeniach wielu produktów. Zawiera aktualizacje dla następujących produktów:

• Azure Connected Machine Agent

• Azure CycleCloud — wiele wersji i platform

• Azure Health Bot

• Azure Network Watcher VM Extension dla systemu Windows

• Azure Stack Hub

• Azure Web Apps

• Microsoft 365 Apps for Enterprise — wiele platform

• Microsoft AutoUpdate dla komputerów Mac

• Microsoft Dynamics 365 (lokalnie) — wersja 9.1

• Microsoft Dynamics 365 Business Central 2023 Release Wave 1

• Microsoft Excel 2016

• Microsoft Office — wiele wersji i platform

• Microsoft Outlook 2016 — wiele platform

• Microsoft Project 2016 — wiele platform

• Microsoft Publisher 2016

• Microsoft SharePoint Enterprise Server 2016

• Microsoft SQL Server — wiele wersji i platform

• Microsoft Teams dla systemu iOS

• Microsoft Visio 2016 — wiele platform

• Microsoft Visual Studio 2022 — wiele wersji

• .NET — wersja 8.0

• Power Automate for Desktop

• Klient pulpitu zdalnego dla komputerów stacjonarnych z systemem Windows

• Windows 10 – wiele wersji i platform

• Windows 11 – wiele wersji i platform

• Windows Server – wiele wersji i platform

Firma Microsoft wskazała, że ​​wykorzystano luki CVE-2024-38226, CVE-2024-43491, CVE-2024-38014 i CVE-2024-38217.

NazwaNumer CVEKrytycznośćWektor CVSS
Windows TCP/IPCVE-2024-214168.1AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-261868.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-261918.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Security Zone MappingCVE-2024-300737.8AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-373358.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-373377.1AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
SQL ServerCVE-2024-373388.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-373398.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-373408.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-373418.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-373427.1AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
SQL ServerCVE-2024-379658.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-379667.1AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
SQL ServerCVE-2024-379808.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows InstallerCVE-2024-380147.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Office SharePointCVE-2024-380188.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows TCP/IPCVE-2024-380458.1AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows PowerShellCVE-2024-380467.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Network Address Translation (NAT)CVE-2024-381197.5AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Azure Network WatcherCVE-2024-381887.1AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Azure Web AppsCVE-2024-381948.4AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C
Azure StackCVE-2024-382168.2AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C
Windows Mark of the Web (MOTW)CVE-2024-382175.4AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
Azure StackCVE-2024-382209.0AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Dynamics Business CentralCVE-2024-382258.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Office PublisherCVE-2024-382267.3AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Office SharePointCVE-2024-382277.2AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Office SharePointCVE-2024-382287.2AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Standards-Based Storage Management ServiceCVE-2024-382306.5AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Windows Remote Desktop Licensing ServiceCVE-2024-382316.5AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Windows Network VirtualizationCVE-2024-382327.5AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Windows Network VirtualizationCVE-2024-382337.5AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Windows Network VirtualizationCVE-2024-382346.5AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Role: Windows Hyper-VCVE-2024-382356.5AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Windows DHCP ServerCVE-2024-382367.5AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Microsoft Streaming ServiceCVE-2024-382377.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Streaming ServiceCVE-2024-382387.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows KerberosCVE-2024-382397.2AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Remote Access Connection ManagerCVE-2024-382408.1AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Streaming ServiceCVE-2024-382417.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Streaming ServiceCVE-2024-382427.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Streaming ServiceCVE-2024-382437.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Streaming ServiceCVE-2024-382447.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Streaming ServiceCVE-2024-382457.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Win32K – GRFXCVE-2024-382467.0AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Graphics ComponentCVE-2024-382477.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows StorageCVE-2024-382487.0AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Microsoft Graphics ComponentCVE-2024-382497.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Graphics ComponentCVE-2024-382507.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Win32K – ICOMPCVE-2024-382527.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Win32K – ICOMPCVE-2024-382537.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Authentication MethodsCVE-2024-382545.5AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Windows Kernel-Mode DriversCVE-2024-382565.5AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Windows AllJoyn APICVE-2024-382577.5AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Windows Remote Desktop Licensing ServiceCVE-2024-382586.5AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Microsoft Management ConsoleCVE-2024-382598.8AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Remote Desktop Licensing ServiceCVE-2024-382608.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Remote Desktop Licensing ServiceCVE-2024-382637.5AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Remote Desktop Licensing ServiceCVE-2024-434547.1AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C
Windows Remote Desktop Licensing ServiceCVE-2024-434558.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Setup and DeploymentCVE-2024-434577.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows Network VirtualizationCVE-2024-434587.7AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Windows MSHTML PlatformCVE-2024-434618.8AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Office VisioCVE-2024-434637.8AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Office SharePointCVE-2024-434647.2AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Office ExcelCVE-2024-434657.8AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Office SharePointCVE-2024-434666.5AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Windows Remote Desktop Licensing ServiceCVE-2024-434677.5AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Azure CycleCloudCVE-2024-434698.8AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Azure Network WatcherCVE-2024-434707.3AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SQL ServerCVE-2024-434747.6AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C
Windows Admin CenterCVE-2024-434757.3AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Microsoft Dynamics 365 (on-premises)CVE-2024-434767.6AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Power AutomateCVE-2024-434798.5AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft Outlook for iOSCVE-2024-434826.5AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Windows Mark of the Web (MOTW)CVE-2024-434876.5AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C
Windows UpdateCVE-2024-434919.8AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft AutoUpdate (MAU)CVE-2024-434927.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Windows LibarchiveCVE-2024-434957.3AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C