CVE-2024-49084 Windows Kernel Elevation of Privilege Vulnerability
Published December 10, 2024
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2024-49107 WmsRepair Service Elevation of Privilege Vulnerability
Published December 10, 2024
Information published.
CVE-2024-49142 Microsoft Access Remote Code Execution Vulnerability
Published December 10, 2024
Information published.
CVE-2024-49083 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
Published December 10, 2024
Information published.
CVE-2023-36435 Microsoft QUIC Denial of Service Vulnerability
Published December 10, 2024
To comprehensively address CVE-2023-36435, Microsoft has released security updates on October 24, 2023 for .NET 7.0.
Microsoft recommends that customers running .NET install the updates to be fully protected from the vulnerability.
Chromium: CVE-2024-12053 Type Confusion in V8
Published December 6, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Published December 2, 2024
Added acknowledgements. This is an informational change only.
CVE-2024-49035 Partner.Microsoft.Com Elevation of Privilege Vulnerability
Published November 26, 2024
An improper access control vulnerability in [Partner.Microsoft.com](https://partner.microsoft.com/) allows an a unauthenticated attacker to elevate privileges over a network.
CVE-2024-49038 Microsoft Copilot Studio Elevation Of Privilege Vulnerability
Published November 26, 2024
Improper neutralization of input during web page generation (‘Cross-site Scripting’) in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
CVE-2024-49053 Microsoft Dynamics 365 Sales Spoofing Vulnerability
Published November 26, 2024
Information published.
