Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.52.0 and FVM Agent 2.13 releases.
- Microsoft addressed 117 vulnerabilities in this release, including 3 rated as Critical and 43 Remote Code Execution vulnerabilities.
- This release also includes fixes for two vulnerabilities that have been exploited in the wild.
- CVE-2024-43572 Microsoft Management Console Remote Code Execution Vulnerability
- This update prevents untrusted MSC files from being opened.
- CVE-2024-43573 Windows MSHTML Platform Spoofing Vulnerability
- This is a cross-site scripting vulnerability.
- CVE-2024-43572 Microsoft Management Console Remote Code Execution Vulnerability
| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
| CVE-2024-38097 | Azure Monitor Agent Elevation of Privilege Vulnerability | Azure Monitor | Important | 7.1 | Elevation of Privilege | No | No |
| CVE-2024-43516 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Windows Secure Kernel Mode | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-38179 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | Azure Stack | Important | 8.8 | Elevation of Privilege | No | No |
| CVE-2024-38261 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-43480 | Azure Service Fabric for Linux Remote Code Execution Vulnerability | Service Fabric | Important | 6.6 | Remote Code Execution | No | No |
| CVE-2024-43481 | Power BI Report Server Spoofing Vulnerability | Power BI | Important | 6.5 | Spoofing | No | No |
| CVE-2024-38229 | .NET and Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important | 8.1 | Remote Code Execution | No | No |
| CVE-2024-43502 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.1 | Elevation of Privilege | No | No |
| CVE-2024-43503 | Microsoft SharePoint Elevation of Privilege Vulnerability | Microsoft Office SharePoint | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43504 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-43505 | Microsoft Office Visio Remote Code Execution Vulnerability | Microsoft Office Visio | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-43506 | BranchCache Denial of Service Vulnerability | BranchCache | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43508 | Windows Graphics Component Information Disclosure Vulnerability | Microsoft Graphics Component | Important | 5.5 | Information Disclosure | No | No |
| CVE-2024-43513 | BitLocker Security Feature Bypass Vulnerability | Windows BitLocker | Important | 6.4 | Security Feature Bypass | No | No |
| CVE-2024-43515 | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | Internet Small Computer Systems Interface (iSCSI) | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43518 | Windows Telephony Server Remote Code Execution Vulnerability | Windows Telephony Server | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43519 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43525 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Windows Mobile Broadband | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2024-43526 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Windows Mobile Broadband | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2024-43527 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43529 | Windows Print Spooler Elevation of Privilege Vulnerability | Windows Print Spooler Components | Important | 7.3 | Elevation of Privilege | No | No |
| CVE-2024-43532 | Remote Registry Service Elevation of Privilege Vulnerability | RPC Endpoint Mapper Service | Important | 8.8 | Elevation of Privilege | No | No |
| CVE-2024-43533 | Remote Desktop Client Remote Code Execution Vulnerability | Remote Desktop Client | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43534 | Windows Graphics Component Information Disclosure Vulnerability | Microsoft Graphics Component | Important | 6.5 | Information Disclosure | No | No |
| CVE-2024-43535 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Windows Kernel-Mode Drivers | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-43537 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43538 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43540 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43541 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Microsoft Simple Certificate Enrollment Protocol | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43542 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43543 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Windows Mobile Broadband | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2024-43554 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Windows Kernel-Mode Drivers | Important | 5.5 | Information Disclosure | No | No |
| CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | Windows MSHTML Platform | Moderate | 6.5 | Spoofing | Yes | Yes |
| CVE-2024-43576 | Microsoft Office Remote Code Execution Vulnerability | Microsoft Office | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-43581 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | OpenSSH for Windows | Important | 7.1 | Remote Code Execution | No | No |
| CVE-2024-43601 | Visual Studio Code for Linux Remote Code Execution Vulnerability | Visual Studio Code | Important | 7.1 | Remote Code Execution | No | No |
| CVE-2024-43604 | Outlook for Android Elevation of Privilege Vulnerability | Outlook for Android | Important | 5.7 | Elevation of Privilege | No | No |
| CVE-2024-43608 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43609 | Microsoft Office Spoofing Vulnerability | Microsoft Office | Important | 6.5 | Spoofing | No | No |
| CVE-2024-43607 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43612 | Power BI Report Server Spoofing Vulnerability | Power BI | Important | 6.9 | Spoofing | No | No |
| CVE-2024-43615 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | OpenSSH for Windows | Important | 7.1 | Remote Code Execution | No | No |
| CVE-2024-43616 | Microsoft Office Remote Code Execution Vulnerability | Microsoft Office | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-43500 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Windows Resilient File System (ReFS) | Important | 5.5 | Information Disclosure | No | No |
| CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability | Role: Windows Hyper-V | Important | 7.1 | Security Feature Bypass | No | Yes |
| CVE-2024-37976 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Windows EFI Partition | Important | 6.7 | Security Feature Bypass | No | No |
| CVE-2024-37982 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Windows EFI Partition | Important | 6.7 | Security Feature Bypass | No | No |
| CVE-2024-37979 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 6.7 | Elevation of Privilege | No | No |
| CVE-2024-37983 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Windows EFI Partition | Important | 6.7 | Security Feature Bypass | No | No |
| CVE-2024-38149 | BranchCache Denial of Service Vulnerability | BranchCache | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-38029 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | OpenSSH for Windows | Important | 7.5 | Remote Code Execution | No | No |
| CVE-2024-38129 | Windows Kerberos Elevation of Privilege Vulnerability | Windows Kerberos | Important | 7.5 | Elevation of Privilege | No | No |
| CVE-2024-38124 | Windows Netlogon Elevation of Privilege Vulnerability | Windows Netlogon | Important | 9 | Elevation of Privilege | No | No |
| CVE-2024-38265 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-38262 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Windows Remote Desktop Licensing Service | Important | 7.5 | Remote Code Execution | No | No |
| CVE-2024-43453 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-38212 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-30092 | Windows Hyper-V Remote Code Execution Vulnerability | Windows Hyper-V | Important | 8 | Remote Code Execution | No | No |
| CVE-2024-43456 | Windows Remote Desktop Services Tampering Vulnerability | Windows Remote Desktop Services | Important | 4.8 | Tampering | No | No |
| CVE-2024-43483 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | .NET, .NET Framework, Visual Studio | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43484 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | .NET, .NET Framework, Visual Studio | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43485 | .NET and Visual Studio Denial of Service Vulnerability | .NET and Visual Studio | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43497 | DeepSpeed Remote Code Execution Vulnerability | DeepSpeed | Important | 8.4 | Remote Code Execution | No | No |
| CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Microsoft Configuration Manager | Critical | 9.8 | Remote Code Execution | No | No |
| CVE-2024-43501 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43509 | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43511 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-43512 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Windows Standards-Based Storage Management Service | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43514 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Windows NTFS | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43517 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Microsoft ActiveX | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43520 | Windows Kernel Denial of Service Vulnerability | Windows Kernel | Important | 5 | Denial of Service | No | No |
| CVE-2024-43521 | Windows Hyper-V Denial of Service Vulnerability | Role: Windows Hyper-V | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43522 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Windows Local Security Authority (LSA) | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-43523 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Windows Mobile Broadband | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2024-43524 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Windows Mobile Broadband | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2024-43528 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Windows Secure Kernel Mode | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43536 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Windows Mobile Broadband | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2024-43544 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Microsoft Simple Certificate Enrollment Protocol | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43545 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Windows Online Certificate Status Protocol (OCSP) | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43546 | Windows Cryptographic Information Disclosure Vulnerability | Windows Cryptographic Services | Important | 5.6 | Information Disclosure | No | No |
| CVE-2024-43547 | Windows Kerberos Information Disclosure Vulnerability | Windows Kerberos | Important | 6.5 | Information Disclosure | No | No |
| CVE-2024-43549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43550 | Windows Secure Channel Spoofing Vulnerability | Windows Secure Channel | Important | 7.4 | Spoofing | No | No |
| CVE-2024-43551 | Windows Storage Elevation of Privilege Vulnerability | Windows Storage | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43552 | Windows Shell Remote Code Execution Vulnerability | Windows Shell | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2024-43553 | NT OS Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7.4 | Elevation of Privilege | No | No |
| CVE-2024-43555 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43556 | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43557 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43558 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43559 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43560 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | Windows Storage Port Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43561 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Windows Mobile Broadband | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-43562 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Windows Network Address Translation (NAT) | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43563 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Windows Ancillary Function Driver for WinSock | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43564 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43565 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Windows Network Address Translation (NAT) | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43567 | Windows Hyper-V Denial of Service Vulnerability | Role: Windows Hyper-V | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43570 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 6.4 | Elevation of Privilege | No | No |
| CVE-2024-43571 | Sudo for Windows Spoofing Vulnerability | Sudo for Windows | Important | 5.6 | Spoofing | No | No |
| CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | Microsoft Management Console | Important | 7.8 | Remote Code Execution | Yes | Yes |
| CVE-2024-43574 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Microsoft Windows Speech | Important | 8.3 | Remote Code Execution | No | No |
| CVE-2024-43575 | Windows Hyper-V Denial of Service Vulnerability | Role: Windows Hyper-V | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | Windows Remote Desktop | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-43584 | Windows Scripting Engine Security Feature Bypass Vulnerability | Windows Scripting | Important | 7.7 | Security Feature Bypass | No | No |
| CVE-2024-43585 | Code Integrity Guard Security Feature Bypass Vulnerability | Code Integrity Guard | Important | 5.5 | Security Feature Bypass | No | No |
| CVE-2024-43589 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43590 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | Visual C++ Redistributable Installer | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-43591 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Azure CLI | Important | 8.7 | Elevation of Privilege | No | No |
| CVE-2024-43592 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43593 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43599 | Remote Desktop Client Remote Code Execution Vulnerability | Remote Desktop Client | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43603 | Visual Studio Collector Service Denial of Service Vulnerability | Visual Studio | Important | 5.5 | Denial of Service | No | No |
| CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability | Winlogon | Important | 7.8 | Elevation of Privilege | No | Yes |
| CVE-2024-43614 | Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | Microsoft Defender for Endpoint | Important | 5.5 | Spoofing | No | No |
| CVE-2024-43611 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | Visual Studio Code | Critical | 8.8 | Remote Code Execution | No | No |
Quickly Find and Fix Your Most At-Risk Weaknesses
Watch this demo to see how Fortra VM can help.
Request a Fortra® Demo
From reconnaissance through achieving objectives, Fortra® interrupts attackers at every step of the attack chain.