Input Method Editor (IME) Remote Code Execution Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
SQL Server Native Client Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Windows Shell Remote Code Execution Vulnerability
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Remote Desktop Protocol Server Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
Windows DWM Core Library Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Storage Elevation of Privilege Vulnerability
Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
Microsoft Management Console Remote Code Execution Vulnerability
Microsoft PowerPoint Remote Code Execution Vulnerability
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Azure IoT SDK Remote Code Execution Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
Windows Network Virtualization Remote Code Execution Vulnerability
Windows Deployment Services Remote Code Execution Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Xbox Wireless Adapter Remote Code Execution Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.