Tenable

NOVEMBER 12, 2024

Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate. It was assigned a CVSSv3 score of 9.8

Windows 115

Windows Software Review Azure Systems Review 115

Tenable

SEPTEMBER 10, 2024

Microsoft notes that only optional components enabled from the following list are affected: NET Framework 4.6 In order to exploit this flaw, an attacker must be authenticated to a target system and convince a user to download a crafted file. Advanced Services ASP.NET 4.6 This vulnerability was assigned a CVSSv3 score of 7.3

Windows 118

Windows Azure Authentication SMB 118

Tenable

MARCH 8, 2022

This month’s update includes patches for: NET and Visual Studio. Windows SMB Server. An authenticated user can exploit this vulnerability to execute arbitrary code on an affected server. and can be exploited by a local, authenticated attacker. NET and Visual Studio Remote Code Execution Vulnerability. 3 Critical.

Windows 100

Windows Authentication SMB .Net 100

Tenable

AUGUST 9, 2022

This month’s update includes patches for: NET Core. All three vulnerabilities require authentication and user interaction to exploit — an attacker would need to entice a target to visit a specially crafted Exchange server, likely through phishing. CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability.

SMB 66

SMB Azure Windows Disaster Recovery 66

Tenable

APRIL 12, 2022

This month’s update includes patches for: NET Framework. Windows SMB. EoP flaws like this one are leveraged post-authentication, after an attacker has successfully accessed a vulnerable system, to gain higher permissions. On April 26,NET Framework 4.5.2, 9 Critical. 108 Important. 0 Moderate. Azure Site Recovery.

Windows 98

Windows Systems Review Software Review SMB 98

Tenable

JUNE 14, 2022

This month’s update includes patches for: NET and Visual Studio. Windows SMB. this vulnerability can be exploited by a local, authenticated attacker. CVSSv3 score and can be exploited by a local, authenticated attacker. Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws.

Windows 97

Windows Azure Internet SMB 97

Tenable

MAY 11, 2021

This month's Patch Tuesday release includes fixes for: NET Core & Visual Studio. Windows SMB, Windows SSDP Service. An attacker would need to be authenticated in order to exploit these flaws, though successful exploitation would grant an attacker remote code execution through the creation of a SharePoint site. Windows OLE.

Windows 100

Windows SMB Wireless .Net 100