Vulnerability-Lookup

CVE-2024-38029 (GCVE-0-2024-38029)

Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2025-07-08 15:38

Title

Microsoft OpenSSH for Windows Remote Code Execution Vulnerability

Summary

Microsoft OpenSSH for Windows Remote Code Execution Vulnerability

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-73 - External Control of File Name or Path

Assigner

microsoft

References

URL

	Vendor	Product	Version
	Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.1189 (custom)

CERTFR-2024-AVI-0854

Vulnerability from certfr_avis - Published: 2024-10-09 - Updated: 2024-10-09

De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Microsoft indique que les vulnérabilités CVE-2024-43572 et CVE-2024-43573 sont activement exploitées.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.4317
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.2033
Microsoft	Windows	Windows Server 2012 versions antérieures à 6.2.9200.25118
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.4317
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.27366
Microsoft	Windows	Windows Server 2016 versions antérieures à 10.0.14393.7428
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7428
Microsoft	Windows	Windows Server 2012 R2 versions antérieures à 6.3.9600.22221
Microsoft	Windows	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7428
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.5011
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22918
Microsoft	Windows	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.6414
Microsoft	Windows	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20796
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22221
Microsoft	Windows	Windows Server 2022 versions antérieures à 10.0.20348..2762
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.4317
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.6414
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.5011
Microsoft	Windows	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348..2762
Microsoft	Windows	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20796
Microsoft	Windows	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1189
Microsoft	Windows	Remote Desktop client pour Windows Desktop versions antérieures à 1.2.5709.0
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.6414
Microsoft	Windows	Windows Server 2019 versions antérieures à 10.0.17763.6414
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.5011
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7428
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.2033
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.22918
Microsoft	Windows	Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.25118
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.27366
Microsoft	Windows	Windows 11 version 21H2 pour systèmes ARM64 antérieures à 10.0.22000.3260
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.5011
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22918
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.5011
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.22918
Microsoft	Windows	Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.3260
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.4317
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.5011

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Windows CVE-2024-43562	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38262	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43521	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43511	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43565	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43538	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43556	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43518	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43554	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43599	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43542	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43608	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43575	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43534	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43527	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43551	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43541	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43552	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38149	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-37976	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43582	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43553	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43555	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43549	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43615	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43522	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43515	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43536	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43593	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43547	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43564	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43517	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43508	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38261	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43520	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43524	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38129	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43581	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-30092	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43456	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38124	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43558	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43544	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43545	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43500	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43525	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43573	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-37979	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43567	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43506	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43572	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43546	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43509	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43533	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43529	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43563	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43559	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43502	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-37982	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43512	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38265	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38029	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43519	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43557	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-6197	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43560	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43561	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43543	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43513	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43453	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43607	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43514	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43585	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43571	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43583	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43537	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43589	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43550	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43540	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-20659	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43501	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38212	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43532	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43574	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43523	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43535	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43570	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-37983	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43584	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43611	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43516	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43528	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43592	2024-10-08	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-43526	2024-10-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.4317",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.2033",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.25118",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.4317",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.27366",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.7428",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.7428",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.22221",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.7428",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.5011",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22918",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.6414",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20796",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22221",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348..2762",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.4317",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.6414",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.5011",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348..2762",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20796",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1189",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Remote Desktop client pour Windows Desktop versions ant\u00e9rieures \u00e0 1.2.5709.0",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.6414",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.6414",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.5011",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.7428",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.2033",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22918",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.25118",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.27366",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64 ant\u00e9rieures \u00e0 10.0.22000.3260",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.5011",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22918",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.5011",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22918",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.3260",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.4317",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.5011",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43542"
    },
    {
      "name": "CVE-2024-43582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43582"
    },
    {
      "name": "CVE-2024-37983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37983"
    },
    {
      "name": "CVE-2024-43533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43533"
    },
    {
      "name": "CVE-2024-38265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38265"
    },
    {
      "name": "CVE-2024-43535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43535"
    },
    {
      "name": "CVE-2024-20659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20659"
    },
    {
      "name": "CVE-2024-43583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43583"
    },
    {
      "name": "CVE-2024-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43565"
    },
    {
      "name": "CVE-2024-43555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43555"
    },
    {
      "name": "CVE-2024-30092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30092"
    },
    {
      "name": "CVE-2024-43563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43563"
    },
    {
      "name": "CVE-2024-43508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43508"
    },
    {
      "name": "CVE-2024-43543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43543"
    },
    {
      "name": "CVE-2024-43572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43572"
    },
    {
      "name": "CVE-2024-38029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38029"
    },
    {
      "name": "CVE-2024-43513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43513"
    },
    {
      "name": "CVE-2024-43561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43561"
    },
    {
      "name": "CVE-2024-43573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43573"
    },
    {
      "name": "CVE-2024-43585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43585"
    },
    {
      "name": "CVE-2024-43509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43509"
    },
    {
      "name": "CVE-2024-43592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43592"
    },
    {
      "name": "CVE-2024-43524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43524"
    },
    {
      "name": "CVE-2024-43522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43522"
    },
    {
      "name": "CVE-2024-43558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43558"
    },
    {
      "name": "CVE-2024-37979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37979"
    },
    {
      "name": "CVE-2024-43562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43562"
    },
    {
      "name": "CVE-2024-43516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43516"
    },
    {
      "name": "CVE-2024-43514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43514"
    },
    {
      "name": "CVE-2024-43512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43512"
    },
    {
      "name": "CVE-2024-43515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43515"
    },
    {
      "name": "CVE-2024-38129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38129"
    },
    {
      "name": "CVE-2024-37982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37982"
    },
    {
      "name": "CVE-2024-43556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43556"
    },
    {
      "name": "CVE-2024-43574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43574"
    },
    {
      "name": "CVE-2024-43593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43593"
    },
    {
      "name": "CVE-2024-43523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43523"
    },
    {
      "name": "CVE-2024-43581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43581"
    },
    {
      "name": "CVE-2024-43554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43554"
    },
    {
      "name": "CVE-2024-43559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43559"
    },
    {
      "name": "CVE-2024-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43552"
    },
    {
      "name": "CVE-2024-43532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43532"
    },
    {
      "name": "CVE-2024-43537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43537"
    },
    {
      "name": "CVE-2024-43506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43506"
    },
    {
      "name": "CVE-2024-43546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43546"
    },
    {
      "name": "CVE-2024-43575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43575"
    },
    {
      "name": "CVE-2024-43500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43500"
    },
    {
      "name": "CVE-2024-43549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43549"
    },
    {
      "name": "CVE-2024-43521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43521"
    },
    {
      "name": "CVE-2024-43518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43518"
    },
    {
      "name": "CVE-2024-43534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43534"
    },
    {
      "name": "CVE-2024-43544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43544"
    },
    {
      "name": "CVE-2024-43538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43538"
    },
    {
      "name": "CVE-2024-43545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43545"
    },
    {
      "name": "CVE-2024-43525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43525"
    },
    {
      "name": "CVE-2024-43599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43599"
    },
    {
      "name": "CVE-2024-43560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43560"
    },
    {
      "name": "CVE-2024-43607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43607"
    },
    {
      "name": "CVE-2024-43608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43608"
    },
    {
      "name": "CVE-2024-43536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43536"
    },
    {
      "name": "CVE-2024-43502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43502"
    },
    {
      "name": "CVE-2024-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43551"
    },
    {
      "name": "CVE-2024-38149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38149"
    },
    {
      "name": "CVE-2024-43567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43567"
    },
    {
      "name": "CVE-2024-38262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38262"
    },
    {
      "name": "CVE-2024-43527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43527"
    },
    {
      "name": "CVE-2024-43520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43520"
    },
    {
      "name": "CVE-2024-43564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43564"
    },
    {
      "name": "CVE-2024-43453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43453"
    },
    {
      "name": "CVE-2024-43589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43589"
    },
    {
      "name": "CVE-2024-43553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43553"
    },
    {
      "name": "CVE-2024-43615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43615"
    },
    {
      "name": "CVE-2024-43526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43526"
    },
    {
      "name": "CVE-2024-6197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
    },
    {
      "name": "CVE-2024-43571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43571"
    },
    {
      "name": "CVE-2024-38124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38124"
    },
    {
      "name": "CVE-2024-43547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43547"
    },
    {
      "name": "CVE-2024-43456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43456"
    },
    {
      "name": "CVE-2024-38261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38261"
    },
    {
      "name": "CVE-2024-43557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43557"
    },
    {
      "name": "CVE-2024-43528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43528"
    },
    {
      "name": "CVE-2024-43501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43501"
    },
    {
      "name": "CVE-2024-43584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43584"
    },
    {
      "name": "CVE-2024-43541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43541"
    },
    {
      "name": "CVE-2024-43517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43517"
    },
    {
      "name": "CVE-2024-43519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43519"
    },
    {
      "name": "CVE-2024-43540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43540"
    },
    {
      "name": "CVE-2024-37976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37976"
    },
    {
      "name": "CVE-2024-43550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43550"
    },
    {
      "name": "CVE-2024-43570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43570"
    },
    {
      "name": "CVE-2024-43511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43511"
    },
    {
      "name": "CVE-2024-43611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43611"
    },
    {
      "name": "CVE-2024-43529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43529"
    },
    {
      "name": "CVE-2024-38212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38212"
    }
  ],
  "initial_release_date": "2024-10-09T00:00:00",
  "last_revision_date": "2024-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0854",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nMicrosoft indique que les vuln\u00e9rabilit\u00e9s CVE-2024-43572 et CVE-2024-43573 sont activement exploit\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43562",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43562"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38262",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38262"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43521",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43521"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43511",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43511"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43565",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43565"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43538",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43538"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43556",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43556"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43518",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43518"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43554",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43554"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43599",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43599"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43542",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43542"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43608",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43608"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43575",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43575"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43534",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43534"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43527",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43527"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43551",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43551"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43541",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43541"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43552",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43552"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38149",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38149"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-37976",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37976"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43582",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43553",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43553"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43555",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43555"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43549",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43549"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43615",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43615"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43522",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43522"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43515",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43515"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43536",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43536"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43593",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43593"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43547",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43547"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43564",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43564"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43517",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43517"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43508",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43508"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38261",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38261"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43520",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43520"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43524",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43524"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38129",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38129"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43581",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43581"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-30092",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30092"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43456",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43456"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38124",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38124"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43558",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43558"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43544",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43544"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43545",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43545"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43500",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43500"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43525",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43525"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43573",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-37979",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37979"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43567",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43567"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43506",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43506"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43572",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43546",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43546"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43509",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43509"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43533",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43533"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43529",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43529"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43563",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43563"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43559",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43559"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43502",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43502"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-37982",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37982"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43512",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43512"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38265",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38265"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38029",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43519",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43519"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43557",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43557"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-6197",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6197"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43560",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43560"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43561",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43561"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43543",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43543"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43513",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43513"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43453",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43453"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43607",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43607"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43514",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43514"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43585",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43585"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43571",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43571"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43583",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43537",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43537"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43589",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43589"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43550",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43550"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43540",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43540"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-20659",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43501",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43501"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38212",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38212"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43532",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43532"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43574",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43574"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43523",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43523"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43535",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43535"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43570",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43570"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-37983",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37983"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43584",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43584"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43611",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43611"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43516",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43516"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43528",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43528"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43592",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43592"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-43526",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43526"
    }
  ]
}

CVE-2024-38029

Vulnerability from fstec - Published: 08.10.2024

Title

Уязвимость конфигурации -Oallow-remote-pkcs11 службы ssh-agent средства криптографической защиты OpenSSH операционных систем Windows, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость конфигурации -Oallow-remote-pkcs11 службы ssh-agent средства криптографической защиты OpenSSH операционных систем Windows связана с некорректным внешним управлением именем или путем файла. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путем загрузки вредоносной DLL-библиотеки

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Windows Server 2022, 23H2 Edition (Server Core installation)

Software Version

- (Windows Server 2022, 23H2 Edition (Server Core installation))

Possible Mitigations

Использование рекомендаций: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029 https://vuldb.com/?id.279656 https://www.cybersecurity-help.cz/vdb/SB2024100945

CWE

CWE-73

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows Server 2022, 23H2 Edition (Server Core installation))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.10.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07993",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-38029",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows Server 2022, 23H2 Edition (Server Core installation)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows Server 2022, 23H2 Edition (Server Core installation) - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 -Oallow-remote-pkcs11 \u0441\u043b\u0443\u0436\u0431\u044b ssh-agent \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b OpenSSH \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u043d\u0435\u0448\u043d\u0435\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0435\u043c \u0438\u043b\u0438 \u043f\u0443\u0442\u0435\u043c \u0444\u0430\u0439\u043b\u0430 (CWE-73)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 -Oallow-remote-pkcs11 \u0441\u043b\u0443\u0436\u0431\u044b ssh-agent \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b OpenSSH \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u0432\u043d\u0435\u0448\u043d\u0438\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0435\u043c \u0438\u043b\u0438 \u043f\u0443\u0442\u0435\u043c \u0444\u0430\u0439\u043b\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 DLL-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029\nhttps://vuldb.com/?id.279656\nhttps://www.cybersecurity-help.cz/vdb/SB2024100945",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-73",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

FKIE_CVE-2024-38029

Vulnerability from fkie_nvd - Published: 2024-10-08 18:15 - Updated: 2024-10-16 19:27

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Microsoft OpenSSH for Windows Remote Code Execution Vulnerability

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	windows_server_2022_23h2	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
              "versionEndExcluding": "10.0.25398.1189",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft OpenSSH for Windows Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft OpenSSH para Windows"
    }
  ],
  "id": "CVE-2024-38029",
  "lastModified": "2024-10-16T19:27:25.183",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-08T18:15:06.730",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-73"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2024-44525

Vulnerability from cnvd - Published: 2024-11-13

Title

Microsoft OpenSSH for Windows远程代码执行漏洞

Description

Microsoft OpenSSH是美国微软（Microsoft）公司的一套用于安全访问远程计算机的连接工具。 Microsoft OpenSSH for Windows存在远程代码执行漏洞，该漏洞是由OpenSSH for Windows组件中的缺陷引起的。攻击者可利用该漏洞在系统上执行任意代码。

Severity

高

Patch Name

Microsoft OpenSSH for Windows远程代码执行漏洞的补丁

Patch Description

Microsoft OpenSSH是美国微软（Microsoft）公司的一套用于安全访问远程计算机的连接工具。 Microsoft OpenSSH for Windows存在远程代码执行漏洞，该漏洞是由OpenSSH for Windows组件中的缺陷引起的。攻击者可利用该漏洞在系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029

Reference

https://cxsecurity.com/cveshow/CVE-2024-38029/

Impacted products

Name
Microsoft Windows Server 2022 23H2 Edition (Server Core installation)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-38029",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-38029"
    }
  },
  "description": "Microsoft OpenSSH\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5b89\u5168\u8bbf\u95ee\u8fdc\u7a0b\u8ba1\u7b97\u673a\u7684\u8fde\u63a5\u5de5\u5177\u3002\n\nMicrosoft OpenSSH for Windows\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531OpenSSH for Windows\u7ec4\u4ef6\u4e2d\u7684\u7f3a\u9677\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-44525",
  "openTime": "2024-11-13",
  "patchDescription": "Microsoft OpenSSH\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5b89\u5168\u8bbf\u95ee\u8fdc\u7a0b\u8ba1\u7b97\u673a\u7684\u8fde\u63a5\u5de5\u5177\u3002\r\n\r\nMicrosoft OpenSSH for Windows\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531OpenSSH for Windows\u7ec4\u4ef6\u4e2d\u7684\u7f3a\u9677\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft OpenSSH for Windows\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Windows Server 2022 23H2 Edition (Server Core installation)"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-38029/",
  "serverity": "\u9ad8",
  "submitTime": "2024-10-17",
  "title": "Microsoft OpenSSH for Windows\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GHSA-4CW8-VV94-CQP8

Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33

Details

Microsoft OpenSSH for Windows Remote Code Execution Vulnerability

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-38029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T18:15:06Z",
    "severity": "HIGH"
  },
  "details": "Microsoft OpenSSH for Windows Remote Code Execution Vulnerability",
  "id": "GHSA-4cw8-vv94-cqp8",
  "modified": "2024-10-08T18:33:14Z",
  "published": "2024-10-08T18:33:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38029"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-38029 (GCVE-0-2024-38029)

CERTFR-2024-AVI-0854

Solutions

CVE-2024-38029

FKIE_CVE-2024-38029

CNVD-2024-44525

GHSA-4CW8-VV94-CQP8

Tags

Sightings

Nomenclature