Frontline.Cloud will include the Microsoft Patch Tuesday checks in the NIRV 4.36.0 and Frontline Agent 2.4 releases.
- Microsoft addressed 73 vulnerabilities in this release, including 5 rated as Critical and 30 Remote Code Execution vulnerabilities.
- This release also includes fixes for CVE-2024-21351 and CVE-2024-21412 that have been exploited in the wild.
- Internet Shortcut Files Security Feature Bypass Vulnerability (CVE-2024-21412)
- This vulnerability requires an attacker to trick a user into executing a malicious file.
- Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21351)
- According to Microsoft, this vulnerability could allow an attacker to inject code into Windows SmartScreen to possibly achieve code execution after tricking a user into executing a malicious file.
- Internet Shortcut Files Security Feature Bypass Vulnerability (CVE-2024-21412)
| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | Azure DevOps | Important | 7.5 | Remote Code Execution | No | No |
| CVE-2023-50387 | MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers | Role: DNS Server | Important | N/A | Denial of Service | No | No |
| CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Azure Connected Machine Agent | Important | 7.3 | Elevation of Privilege | No | No |
| CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 4.6 | Information Disclosure | No | No |
| CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Microsoft ActiveX | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | Windows SmartScreen | Moderate | 7.6 | Security Feature Bypass | Yes | No |
| CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Windows Message Queuing | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Windows Internet Connection Sharing (ICS) | Critical | 7.5 | Remote Code Execution | No | No |
| CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability | Windows OLE | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability | Microsoft Office Word | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | Azure Active Directory | Important | 6.8 | Spoofing | No | No |
| CVE-2024-21386 | .NET Denial of Service Vulnerability | .NET | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | Azure Active Directory | Important | 9.8 | Elevation of Privilege | No | No |
| CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability | Microsoft Office Outlook | Important | 7.1 | Elevation of Privilege | No | No |
| CVE-2024-21404 | .NET Denial of Service Vulnerability | .NET | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | Microsoft Office | Critical | 9.8 | Remote Code Execution | No | No |
| CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | Microsoft Office | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | Azure Stack | Important | 6.5 | Spoofing | No | No |
| CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability | Trusted Compute Base | Important | 4.1 | Elevation of Privilege | No | No |
| CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | Microsoft Defender for Endpoint | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | Skype for Business | Important | 5.7 | Information Disclosure | No | No |
| CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | Windows Hyper-V | Critical | 6.5 | Denial of Service | No | No |
| CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | Windows USB Serial Driver | Important | 6.4 | Remote Code Execution | No | No |
| CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability | Windows Kernel | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability | Role: DNS Server | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Windows Internet Connection Sharing (ICS) | Important | 5.9 | Denial of Service | No | No |
| CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Windows Internet Connection Sharing (ICS) | Important | 5.9 | Denial of Service | No | No |
| CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 8.8 | Elevation of Privilege | No | No |
| CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | Windows Win32K - ICOMP | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability | SQL Server | Important | 7.5 | Remote Code Execution | No | No |
| CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Windows Internet Connection Sharing (ICS) | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | Microsoft WDAC ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Windows Message Queuing | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Windows LDAP - Lightweight Directory Access Protocol | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability | Windows Kernel | Important | 5.5 | Security Feature Bypass | No | No |
| CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | Azure Site Recovery | Moderate | 9.3 | Elevation of Privilege | No | No |
| CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21374 | Microsoft Teams for Android Information Disclosure | Microsoft Teams for Android | Important | 5 | Information Disclosure | No | No |
| CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | Microsoft Azure Kubernetes Service | Important | 9 | Remote Code Execution | No | No |
| CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability | Microsoft Windows DNS | Important | 7.1 | Information Disclosure | No | No |
| CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | Microsoft Office Outlook | Important | 8 | Remote Code Execution | No | No |
| CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | Microsoft Dynamics | Critical | 8 | Information Disclosure | No | No |
| CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | Microsoft Office OneNote | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 8.2 | Spoofing | No | No |
| CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Azure File Sync | Important | 5.3 | Elevation of Privilege | No | No |
| CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Microsoft Azure Kubernetes Service | Important | 9 | Elevation of Privilege | No | No |
| CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Windows Message Queuing | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability | Microsoft Windows | Important | 7.5 | Spoofing | No | No |
| CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Microsoft Exchange Server | Critical | 9.8 | Elevation of Privilege | No | No |
| CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | Internet Shortcut Files | Important | 8.1 | Security Feature Bypass | Yes | No |
Quickly Find and Fix Your Most At-Risk Weaknesses
Watch this demo to see how Frontline VM can help.