This is what I got for today on my Windows 10 Pro. More info will follow.

 

 

Microsoft security update summary for October 2024

October 8, 2024

Here’s a summary of Microsoft security updates released on this date.

Critical security updates

  • Microsoft Configuration Manager 2303
  • Microsoft Configuration Manager 2309
  • Microsoft Configuration Manager 2403
  • Visual Studio Code
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022, 23H2 Edition (Server Core installation)

Important security updates

  • .NET 6.0 installed on Linux
  • .NET 6.0 installed on Mac OS
  • .NET 6.0 installed on Windows
  • .NET 8.0 installed on Linux
  • .NET 8.0 installed on Mac OS
  • .NET 8.0 installed on Windows
  • Azure CLI
  • Azure Monitor Agent
  • Azure Service Connector
  • Azure Service Fabric 10.0 for Linux
  • Azure Service Fabric 10.1 for Linux
  • Azure Service Fabric 9.1 for Linux
  • Azure Stack HCI 22H2
  • Azure Stack HCI 23H2
  • DeepSpeed
  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft .NET Framework 3.0 Service Pack 2
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 3.5 AND 4.7.2
  • Microsoft .NET Framework 3.5 AND 4.8
  • Microsoft .NET Framework 3.5 AND 4.8.1
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4.6.2
  • Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
  • Microsoft .NET Framework 4.6/4.6.2
  • Microsoft .NET Framework 4.8
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Defender for Endpoint for Linux
  • Microsoft Excel 2016 (32-bit edition)
  • Microsoft Excel 2016 (64-bit edition)
  • Microsoft Office 2016 (32-bit edition)
  • Microsoft Office 2016 (64-bit edition)
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Office LTSC 2024 for 32-bit editions
  • Microsoft Office LTSC 2024 for 64-bit editions
  • Microsoft Outlook for Android
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft Visual Studio 2015 Update 3
  • Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
  • Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
  • Microsoft Visual Studio 2022 version 17.10
  • Microsoft Visual Studio 2022 version 17.11
  • Microsoft Visual Studio 2022 version 17.6
  • Microsoft Visual Studio 2022 version 17.8
  • Power BI Report Server - May 2024
  • Remote Desktop client for Windows Desktop
  • Visual C++ Redistributable Installer

Here is the link for the above as I couldn’t add to the post: https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct

 

This release consists of the following 117 Microsoft CVEs:

 

Thanks!


If you get this update, post if it doesn’t install. It installed fine on my system and I don’t have that extra WinRE recovery partition.

 

 

https://support.microsoft.com/en-gb/topic/kb5046400-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-october-8-2024-62ea1496-d349-4dfb-b326-28dd7b9f99b9

 

Like the same issue back in July: https://answers.microsoft.com/en-us/windows/forum/all/failure-to-install-security-update-kb5034441/3e3dc5bb-2f17-4c7b-b1cd-5c4c3f6c4a7e


CVEs have been published or revised in the Security Update Guide

October 9, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2021-1638

  • Title: Windows Bluetooth Security Feature Bypass Vulnerability
  • Version: 1.2
  • Reason for revision: Updated the executive summary with current information. This is an informational change only.
  • Originally released: January 12, 2021
  • Last updated: October 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2021-1683

  • Title: Windows Bluetooth Security Feature Bypass Vulnerability
  • Version: 1.2
  • Reason for revision: Updated the executive summary with current information. This is an informational change only.
  • Originally released: January 12, 2021
  • Last updated: October 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2021-1684

  • Title: Windows Bluetooth Security Feature Bypass Vulnerability
  • Version: 1.2
  • Reason for revision: Updated the executive summary with current information. This is an informational change only.
  • Originally released: January 12, 2021
  • Last updated: October 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2022-0001

  • Title: Intel: CVE-2022-0001 Branch History Injection
  • Version: 3.0
  • Reason for revision: In the Security Updates table, the following changes have been made: 1) Added Windows 11 Version 24H2 as it is affected by this vulnerability. 2) To comprehensively address CVE-2022-0001, Microsoft has released October 2024 security updates for all affected versions of Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2022, Windows 11 Version 21H2, Windows 11 Version 22H2, and Windows 11 Version 23H2. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
  • Originally released: April 9, 2024
  • Last updated: October 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-37341

  • Title: Microsoft SQL Server Elevation of Privilege Vulnerability
  • Version: 2.0
  • Reason for revision: To address known functional issues that occur in the Change Data Capture (CDC) feature that were introduced in the September 2024 GDR, Microsoft has released updated GDR for the following versions of SQL Server: SQL Server 2016, SQL Server 2017, SQL Server 2019, and SQL Server 2022. For more information see the FAQ section of CVE-2024-37341.
  • Originally released: September 10, 2024
  • Last updated: October 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38016

  • Title: Microsoft Office Visio Remote Code Execution Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 19, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38018

  • Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 10, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-38095

  • Title: .NET and Visual Studio Denial of Service Vulnerability
  • Version: 3.0
  • Reason for revision: In the Security Updates table, added .NET 6.0 as it is also affected by this vulnerability. Note that there is no security update for .NET 6.0 to address this vulnerability. HTTP/3 support was only experimental in .NET 6.0, so if you are using .NET 6 you must update your application to .NET 8 to be protected.
  • Originally released: July 9, 2024
  • Last updated: October 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38202

  • Title: Windows Update Stack Elevation of Privilege Vulnerability
  • Version: 2.0
  • Reason for revision: To address this elevation of privilege vulnerability Microsoft has released October 2024 security updates for all affected versions of Windows. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. In addition, depending on the version of Windows you are running, you might need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information.
  • Originally released: August 7, 2024
  • Last updated: October 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38226

  • Title: Microsoft Publisher Security Feature Bypass Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 10, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38227

  • Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 10, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38228

  • Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 10, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43463

  • Title: Microsoft Office Visio Remote Code Execution Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 10, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43464

  • Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 10, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-43465

  • Title: Microsoft Excel Elevation of Privilege Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 10, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43466

  • Title: Microsoft SharePoint Server Denial of Service Vulnerability
  • Version: 1.1
  • Reason for revision: Updated links to security updates. This is an informational change only.
  • Originally released: September 10, 2024
  • Last updated: October 6, 2024
  • Aggregate CVE Severity Rating: Important
 

CVEs have been published or revised in the Security Update Guide

October 11, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-43481

  • Title: Power BI Report Server Spoofing Vulnerability
  • Version: 1.1
  • Reason for revision: Corrected Article links in the Security Updates table. This is an informational change only.
  • Originally released: October 8, 2024
  • Last updated: October 10, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43483

  • Title: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
  • Version: 1.2
  • Reason for revision: Corrected Build Numbers in the Security Updates table. This is an informational change only.
  • Originally released: October 8, 2024
  • Last updated: October 11, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43484

  • Title: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
  • Version: 1.1
  • Reason for revision: Corrected Build Numbers in the Security Updates table. This is an informational change only.
  • Originally released: October 8, 2024
  • Last updated: October 11, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43612

  • Title: Power BI Report Server Spoofing Vulnerability
  • Version: 1.1
  • Reason for revision: Corrected Article links in the Security Updates table. This is an informational change only.
  • Originally released: October 8, 2024
  • Last updated: October 10, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-6197

  • Title: Hackerone: CVE-2024-6197 Freeing stack buffer in utf8asn1str
  • Version: 1.1
  • Reason for revision: Updated CVE title. This is an informational change only.
  • Originally released: October 8, 2024
  • Last updated: October 10, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-9602

  • Title: Chromium: CVE-2024-9602 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 10, 2024
  • Last updated: October 10, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9603

  • Title: Chromium: CVE-2024-9603 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 10, 2024
  • Last updated: October 10, 2024
  • Aggregate CVE Severity Rating:
 

CVEs have been published or revised in the Security Update Guide

October 15, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38139

  • Title: Microsoft Dataverse Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 15, 2024
  • Last updated: October 15, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-38190

  • Title: Power Platform Information Disclosure Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 15, 2024
  • Last updated: October 15, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-38204

  • Title: Imagine Cup site Information Disclosure Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 15, 2024
  • Last updated: October 15, 2024
  • Aggregate CVE Severity Rating: Critical
 

CVEs have been published or revised in the Security Update Guide

October 16, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38202

  • Title: Windows Update Stack Elevation of Privilege Vulnerability
  • Version: 2.1
  • Reason for revision: Executive Summary revised to correct the availability status of security updates which mitigate this vulnerability as they were released October 08, 2024 and are provided in the Security Updates table of this CVE. This is an informational change only.
  • Originally released: August 7, 2024
  • Last updated: October 15, 2024
  • Aggregate CVE Severity Rating: Important


CVEs have been published or revised in the Security Update Guide

October 17, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-43566

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43578

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-43579

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43580

  • Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Low

CVE-2024-43587

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Low

CVE-2024-43595

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-43596

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-9954

  • Title: Chromium: CVE-2024-9954 Use after free in AI
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9955

  • Title: Chromium: CVE-2024-9955 Use after free in Web Authentication
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9956

  • Title: Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9957

  • Title: Chromium: CVE-2024-9957 Use after free in UI
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9958

  • Title: Chromium: CVE-2024-9958 Inappropriate implementation in PictureInPicture
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9959

  • Title: Chromium: CVE-2024-9959 Use after free in DevTools
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9960

  • Title: Chromium: CVE-2024-9960 Use after free in Dawn
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9961

  • Title: Chromium: CVE-2024-9961 Use after free in Parcel Tracking
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9962

  • Title: Chromium: CVE-2024-9962 Inappropriate implementation in Permissions
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9963

  • Title: Chromium: CVE-2024-9963 Insufficient data validation in Downloads
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9964

  • Title: Chromium: CVE-2024-9964 Inappropriate implementation in Payments
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9965

  • Title: Chromium: CVE-2024-9965 Insufficient data validation in DevTools
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9966

  • Title: Chromium: CVE-2024-9966 Inappropriate implementation in Navigations
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating:
 

CVEs have been published or revised in the Security Update Guide

October 23, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-0132

  • Title: NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use Vulnerability
  • Version: 2.0
  • Reason for revision: In the Security Updates table, added Azure Kubernetes Service Node on Azure Linux and Azure Kubernetes Service Node on Ubuntu Linux because these products are also affected by this vulnerability. Microsoft strongly recommends that customers using these products install the updates to be fully protected from the vulnerability.
  • Originally released: October 9, 2024
  • Last updated: October 23, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-43483

  • Title: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
  • Version: 2.0
  • Reason for revision: Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See https://github.com/PowerShell/Announcements/issues/69 for more information.
  • Originally released: October 8, 2024
  • Last updated: October 23, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43484

  • Title: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
  • Version: 2.0
  • Reason for revision: Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See https://github.com/PowerShell/Announcements/issues/70 for more information.
  • Originally released: October 8, 2024
  • Last updated: October 23, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43485

  • Title: .NET and Visual Studio Denial of Service Vulnerability
  • Version: 2.0
  • Reason for revision: Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See https://github.com/PowerShell/Announcements/issues/71 for more information.
  • Originally released: October 8, 2024
  • Last updated: October 23, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43577

  • Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Low

CVE-2024-49023

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 17, 2024
  • Last updated: October 17, 2024
  • Aggregate CVE Severity Rating: Moderate
 

CVEs have been published or revised in the Security Update Guide

October 28, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2023-24023

  • Title: Mitre: CVE-2023-24023 Bluetooth Vulnerability
  • Version: 1.1
  • Reason for revision: The software update Microsoft released to address this vulnerability enforces the use of BR/EDR Secure Connections defined encryption and authentication algorithms for Bluetooth pairings that have used BR/EDR Secure Connections. For more information see the Executive Summary section. This is an informational change only.
  • Originally released: November 14, 2023
  • Last updated: January 18, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2023-36008

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.1
  • Reason for revision: Corrected Build Numbers in the Security Updates table. This is an informational change only.
  • Originally released: November 16, 2023
  • Last updated: October 10, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2023-36026

  • Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • Version: 1.1
  • Reason for revision: Corrected Build Numbers in the Security Updates table. This is an informational change only.
  • Originally released: November 16, 2023
  • Last updated: October 10, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2023-5997

  • Title: Chromium: CVE-2023-5997 Use after free in Garbage Collection
  • Version: 1.1
  • Reason for revision: Corrected Build Numbers in the Security Updates table. This is an informational change only.
  • Originally released: November 16, 2023
  • Last updated: October 10, 2024
  • Aggregate CVE Severity Rating:

CVE-2023-6112

  • Title: Chromium: CVE-2023-6112 Use after free in Navigation
  • Version: 1.1
  • Reason for revision: Corrected Build Numbers in the Security Updates table. This is an informational change only.
  • Originally released: November 16, 2023
  • Last updated: October 28, 2024
  • Aggregate CVE Severity Rating:
 

CVEs have been published or revised in the Security Update Guide

October 31, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-10487

  • Title: Chromium: CVE-2024-10487: Out of bounds write in Dawn
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 31, 2024
  • Last updated: October 31, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-10488

  • Title: Chromium: CVE-2024-10488 Use after free in WebRTC
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 31, 2024
  • Last updated: October 31, 2024
  • Aggregate CVE Severity Rating:


Edge update to patch all the issues above: https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security

 

Came in today:

 

 


More Edge issues!

 

CVEs have been published or revised in the Security Update Guide

November 7, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-10826

  • Title: Chromium: CVE-2024-10826 Use after free in Family Experiences
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 7, 2024
  • Last updated: November 7, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-10827

  • Title: Chromium: CVE-2024-10827 Use after free in Serial
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 7, 2024
  • Last updated: November 7, 2024
  • Aggregate CVE Severity Rating:
 

Microsoft Edge (Stable) 130.0.2849.80
Release date: November 7, 2024

 

 

