Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows Kernel Elevation of Privilege Vulnerability - 20240429001 #681

Merged
merged 56 commits into from
Apr 29, 2024
Merged

Windows Kernel Elevation of Privilege Vulnerability - 20240429001 #681

Changes from all commits
Commits
Show all changes
56 commits
Select commit Hold shift + click to select a range
278edae
SolarWinds Releases Patches for Access Rights Manager vulnerabilities…
LSerki Feb 19, 2024
c3843ff
Format markdown files
actions-user Feb 19, 2024
19a0bea
Merge branch 'main' into main
DGovEnterprise Feb 19, 2024
8f618ef
Format markdown files
actions-user Feb 19, 2024
f609904
Merge branch 'main' into main
DGovEnterprise Feb 19, 2024
7ce4db9
Merge branch 'wagov:main' into main
LSerki Feb 26, 2024
1085825
Junos OS RCE Vulnerability - 20240226002
LSerki Feb 26, 2024
3a8ebc5
Format markdown files
actions-user Feb 26, 2024
32a6776
Merge branch 'wagov:main' into main
LSerki Mar 8, 2024
d4b486a
Windows Themes Spoofing Vulnerability - 20240308003
LSerki Mar 8, 2024
6b07edd
Format markdown files
actions-user Mar 8, 2024
a69b437
Windows Themes Spoofing Vulnerability - 20240308003 - edited
LSerki Mar 8, 2024
f8e4c95
Merge branch 'wagov:main' into main
LSerki Mar 18, 2024
ad72a95
Akamai Kubernetes Vulnerability - 20240318002
LSerki Mar 18, 2024
60190b7
Format markdown files
actions-user Mar 18, 2024
9faea7b
Merge branch 'wagov:main' into main
LSerki Mar 27, 2024
0fa90ae
CISA Releases Multiple Critical Infrastructure Related Advisories - 2…
LSerki Mar 27, 2024
0b47143
Format markdown files
actions-user Mar 27, 2024
6f8fded
Merge branch 'wagov:main' into main
LSerki Apr 8, 2024
e61faa2
PGAdmin Remote Code Execution Vulnerability - 20240408001
LSerki Apr 8, 2024
b26ffaa
Format markdown files
actions-user Apr 8, 2024
47c8377
Merge branch 'main' into main
DGovEnterprise Apr 8, 2024
d01dc78
Update 20240408001-PGAdmin-Remote-Code-Execution-Vulnerability.md
DGovEnterprise Apr 8, 2024
d4849d9
Format markdown files
actions-user Apr 8, 2024
603cee1
Merge branch 'wagov:main' into main
LSerki Apr 15, 2024
1d093d3
Palo Alto Networks PAN-OS Command Injection Vulnerability added to CI…
LSerki Apr 15, 2024
fe1b80e
Format markdown files
actions-user Apr 15, 2024
a306442
Merge branch 'wagov:main' into main
LSerki Apr 15, 2024
7baaae6
Palo Alto Networks PAN-OS Command Injection Vulnerability added to CI…
LSerki Apr 15, 2024
c00daef
Format markdown files
actions-user Apr 15, 2024
5a1258f
Update 20240415001-PaloAlto-Networks-PAN-OS-Command-Injection-Vulnera…
DGovEnterprise Apr 15, 2024
5f3fe63
Format markdown files
actions-user Apr 15, 2024
03077aa
Merge branch 'main' into main
DGovEnterprise Apr 15, 2024
5f584d2
Merge branch 'wagov:main' into main
LSerki Apr 18, 2024
80309c7
Google Chrome Multiple RCE Vulnerabilities - 20240418002
LSerki Apr 18, 2024
a3ee4fe
Format markdown docs
LSerki Apr 18, 2024
ee2dff0
Remove duplicate 20240415001-PaloAlto
LSerki Apr 18, 2024
1b02629
Update 20240418002-Google-Chrome-Multiple-RCE-Vulnerabilities.md
DGovEnterprise Apr 18, 2024
dc6cd3d
Format markdown docs
DGovEnterprise Apr 18, 2024
ce33eaa
Merge branch 'wagov:main' into main
LSerki Apr 19, 2024
c4c283c
Libreswan Popular VPN Software Vulnerability - 20240419004
LSerki Apr 19, 2024
06cb004
Format markdown docs
LSerki Apr 19, 2024
b74d3dc
Update 20240419004-Libreswan-Popular-VPN-Software-Vulnerability.md
DGovEnterprise Apr 19, 2024
ebe4ab0
Merge branch 'main' into main
DGovEnterprise Apr 19, 2024
90f2f1d
Merge branch 'main' into main
DGovEnterprise Apr 19, 2024
23f9188
Merge branch 'main' into main
DGovEnterprise Apr 19, 2024
bab24bb
Merge branch 'wagov:main' into main
LSerki Apr 22, 2024
91507bb
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability…
LSerki Apr 22, 2024
05d1d36
Format markdown docs
LSerki Apr 22, 2024
ebcb503
Merge branch 'main' into main
DGovEnterprise Apr 22, 2024
2422301
Update 20240422002-Microsoft-Edge-Chromium-based-Security-Feature-Byp…
DGovEnterprise Apr 22, 2024
ecc5c85
Merge branch 'wagov:main' into main
LSerki Apr 29, 2024
b9c34fd
Windows Kernel Elevation of Privilege Vulnerability - 20240429001
LSerki Apr 29, 2024
ba4f508
Format markdown docs
LSerki Apr 29, 2024
f431daf
Merge branch 'main' into main
DGovEnterprise Apr 29, 2024
1a57d23
Update 20240429001-Windows-Kernel-Elevation-of-Privilege-Vulnerabilit…
DGovEnterprise Apr 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions docs/advisories/20240429001-Windows-Kernel-Elevation-of-Privilege-Vulnerability.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Windows Kernel Elevation of Privilege Vulnerability - 20240429001

## Overview

The Windows Kernel Elevation of Privilege vulnerability allows authenticated attackers to escalate privileges to the SYSTEM level, granting them full control over affected systems.

## What is vulnerable?

| CVE | Severity | CVSS | Product(s) Affected |
| ----------------------------------------------------------------- | -------- | ---- | ---------------------------------------------------------------- |
| [CVE-2024-21345](https://nvd.nist.gov/vuln/detail/CVE-2024-21345) | **High** | 8.8 | **Windows Server 2022, 23H2 Edition** (Server Core installation) |

## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)):

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21345