Windows 10: Security Update KB5040442 - CVE-2024-38051 - Still Vulnerable

Discussion in 'Windows 10 Software and Apps' started by FULsickE, Jul 16, 2024.

  1. FULsickE Win User

    Security Update KB5040442 - CVE-2024-38051 - Still Vulnerable


    Good day all,

    Not sure if the community is aware, but even though we are patched with this KB, it is being flagged as vulnerable per below. Is there a fix or any insight as to why it's still being flagged? Thank you.

    This is being picked up by CrowdStrike Spotlight.

    C:\Windows\System32\gdi32full.dll
    Version: 10.0.22621.3672
    Expected Value: 10.0.22621.3880

    :)
     
    FULsickE, Jul 16, 2024
    #1

  2. Microsoft July 2024 Security Updates

    July 2024 Security Updates

    This release consists of the following 139 Microsoft CVEs:

    Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?




    SQL Server CVE-2024-20701

    SQL Server CVE-2024-21303

    SQL Server CVE-2024-21308

    SQL Server CVE-2024-21317

    SQL Server CVE-2024-21331

    SQL Server CVE-2024-21332

    SQL Server CVE-2024-21333

    SQL Server CVE-2024-21335

    SQL Server CVE-2024-21373

    SQL Server CVE-2024-21398

    SQL Server CVE-2024-21414

    SQL Server CVE-2024-21415

    Windows CoreMessaging CVE-2024-21417

    SQL Server CVE-2024-21425

    SQL Server CVE-2024-21428

    SQL Server CVE-2024-21449

    Windows Secure Boot CVE-2024-26184

    Windows Secure Boot CVE-2024-28899

    SQL Server CVE-2024-28928

    Windows MultiPoint Services CVE-2024-30013

    Microsoft Dynamics CVE-2024-30061

    Windows Remote Access Connection Manager CVE-2024-30071

    Windows Remote Access Connection Manager CVE-2024-30079

    Windows NTLM CVE-2024-30081

    Windows Cryptographic Services CVE-2024-30098

    .NET and Visual Studio CVE-2024-30105

    Microsoft Office SharePoint CVE-2024-32987

    SQL Server CVE-2024-35256

    Azure Network Watcher CVE-2024-35261

    .NET and Visual Studio CVE-2024-35264

    Azure DevOps CVE-2024-35266

    Azure DevOps CVE-2024-35267

    Windows iSCSI CVE-2024-35270

    SQL Server CVE-2024-35271

    SQL Server CVE-2024-35272

    SQL Server CVE-2024-37318

    SQL Server CVE-2024-37319

    SQL Server CVE-2024-37320

    SQL Server CVE-2024-37321

    SQL Server CVE-2024-37322

    SQL Server CVE-2024-37323

    SQL Server CVE-2024-37324

    SQL Server CVE-2024-37326

    SQL Server CVE-2024-37327

    SQL Server CVE-2024-37328

    SQL Server CVE-2024-37329

    SQL Server CVE-2024-37330

    SQL Server CVE-2024-37331

    SQL Server CVE-2024-37332

    SQL Server CVE-2024-37333

    SQL Server CVE-2024-37334

    SQL Server CVE-2024-37336

    Windows Secure Boot CVE-2024-37969

    Windows Secure Boot CVE-2024-37970

    Windows Secure Boot CVE-2024-37971

    Windows Secure Boot CVE-2024-37972

    Windows Secure Boot CVE-2024-37973

    Windows Secure Boot CVE-2024-37974

    Windows Secure Boot CVE-2024-37975

    Windows Secure Boot CVE-2024-37977

    Windows Secure Boot CVE-2024-37978

    Windows Secure Boot CVE-2024-37981

    Windows Secure Boot CVE-2024-37984

    Windows Secure Boot CVE-2024-37986

    Windows Secure Boot CVE-2024-37987

    Windows Secure Boot CVE-2024-37988

    Windows Secure Boot CVE-2024-37989

    Windows Secure Boot CVE-2024-38010

    Windows Secure Boot CVE-2024-38011

    Windows Server Backup CVE-2024-38013

    Windows Remote Desktop CVE-2024-38015

    Windows Message Queuing CVE-2024-38017

    Windows Performance Monitor CVE-2024-38019

    Microsoft Office Outlook CVE-2024-38020

    Microsoft Office CVE-2024-38021

    Windows Image Acquisition CVE-2024-38022

    Microsoft Office SharePoint CVE-2024-38023

    Microsoft Office SharePoint CVE-2024-38024

    Windows Performance Monitor CVE-2024-38025

    Line Printer Daemon Service (LPD) CVE-2024-38027

    Windows Performance Monitor CVE-2024-38028

    Windows Themes CVE-2024-38030

    Windows Online Certificate Status Protocol (OCSP) CVE-2024-38031

    XBox Crypto Graphic Services CVE-2024-38032

    Windows PowerShell CVE-2024-38033

    Windows Filtering CVE-2024-38034

    Windows Kernel CVE-2024-38041

    Windows PowerShell CVE-2024-38043

    Windows DHCP Server CVE-2024-38044

    Windows PowerShell CVE-2024-38047

    NDIS CVE-2024-38048

    Windows Distributed Transaction Coordinator CVE-2024-38049

    Windows Workstation Service CVE-2024-38050

    Microsoft Graphics Component CVE-2024-38051

    Microsoft Streaming Service CVE-2024-38052

    Windows Internet Connection Sharing (ICS) CVE-2024-38053

    Microsoft Streaming Service CVE-2024-38054

    Microsoft Windows Codecs Library CVE-2024-38055

    Microsoft Windows Codecs Library CVE-2024-38056

    Microsoft Streaming Service CVE-2024-38057

    Windows BitLocker CVE-2024-38058

    Windows Win32K - ICOMP CVE-2024-38059

    Microsoft Windows Codecs Library CVE-2024-38060

    Role: Active Directory Certificate Services; Active Directory Domain Services CVE-2024-38061

    Windows Kernel-Mode Drivers CVE-2024-38062

    Windows TCP/IP CVE-2024-38064

    Windows Secure Boot CVE-2024-38065

    Windows Win32K - GRFX CVE-2024-38066

    Windows Online Certificate Status Protocol (OCSP) CVE-2024-38067

    Windows Online Certificate Status Protocol (OCSP) CVE-2024-38068

    Windows Enroll Engine CVE-2024-38069

    Windows LockDown Policy (WLDP) CVE-2024-38070

    Windows Remote Desktop Licensing Service CVE-2024-38071

    Windows Remote Desktop Licensing Service CVE-2024-38072

    Windows Remote Desktop Licensing Service CVE-2024-38073

    Windows Remote Desktop Licensing Service CVE-2024-38074

    Active Directory Federation Services CVE-2024-38075

    Windows Remote Desktop CVE-2024-38076

    Windows Remote Desktop Licensing Service CVE-2024-38077

    XBox Crypto Graphic Services CVE-2024-38078

    Microsoft Graphics Component CVE-2024-38079

    Role: Windows Hyper-V CVE-2024-38080

    .NET and Visual Studio CVE-2024-38081

    Windows Win32 Kernel Subsystem CVE-2024-38085

    Azure Kinect SDK CVE-2024-38086

    SQL Server CVE-2024-38087

    SQL Server CVE-2024-38088

    Microsoft Defender for IoT CVE-2024-38089

    Microsoft WS-Discovery CVE-2024-38091

    Azure CycleCloud CVE-2024-38092

    Microsoft Office SharePoint CVE-2024-38094

    .NET and Visual Studio CVE-2024-38095

    Windows Remote Desktop Licensing Service CVE-2024-38099

    Windows COM Session CVE-2024-38100

    Windows Internet Connection Sharing (ICS) CVE-2024-38101

    Windows Internet Connection Sharing (ICS) CVE-2024-38102

    Windows Fax and Scan Service CVE-2024-38104

    Windows Internet Connection Sharing (ICS) CVE-2024-38105

    Windows MSHTML Platform CVE-2024-38112

    We are republishing 4 non-Microsoft CVEs:

    CNA Tag CVE FAQs? Workarounds? Mitigations?

    CERT/CC NPS RADIUS Server CVE-2024-3596 Yes No No

    Intel Intel CVE-2024-37985 Yes No No

    GitHub Active Directory Rights Management Services CVE-2024-38517 Yes No No

    GitHub Active Directory Rights Management Services CVE-2024-39684 Yes No No

    Security Update Guide Blog Posts

    Date Blog Post

    June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs

    April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs

    January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API

    January 11, 2022 Coming Soon: New Security Update Guide Notification System

    February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

    January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

    December 8, 2020 Security Update Guide: Let’s keep the conversation going

    November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

    Relevant Resources

    • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
    • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
    • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

    Known Issues

    You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.

    For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To

    5040427 Windows 10, version 21H2, Windows 10, version 22H2

    5040430 Windows 10, version 1809, Windows Server 2019

    5040431 Windows 11, version 21H2

    5040437 Windows Server 2022

    5040442 Windows 11, version 22H2, Windows 11, version 23H2

    5040490 Windows Server 2008 (Security-only update)

    5040499 Windows Server 2008 (Monthly Rollup)

    Released: Jul 9, 2024

    July 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
     
    NICK ADSL UK, Jul 16, 2024
    #2
  3. Microsoft April 2024 Security Updates

    This release consists of the following 149 Microsoft CVEs:

    Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

    Windows BitLocker CVE-2024-20665

    Windows Secure Boot CVE-2024-20669

    Microsoft Office Outlook CVE-2024-20670

    Azure Private 5G Core CVE-2024-20685

    Windows Secure Boot CVE-2024-20688

    Windows Secure Boot CVE-2024-20689

    Windows Kernel CVE-2024-20693

    Microsoft Defender for IoT CVE-2024-21322

    Microsoft Defender for IoT CVE-2024-21323

    Microsoft Defender for IoT CVE-2024-21324

    .NET and Visual Studio CVE-2024-21409

    Azure Compute Gallery CVE-2024-21424

    Windows Authentication Methods CVE-2024-21447

    Microsoft Install Service CVE-2024-26158

    Windows Secure Boot CVE-2024-26168

    Windows Secure Boot CVE-2024-26171

    Windows DWM Core Library CVE-2024-26172

    Windows Secure Boot CVE-2024-26175

    Windows Routing and Remote Access Service (RRAS) CVE-2024-26179

    Windows Secure Boot CVE-2024-26180

    Windows Kerberos CVE-2024-26183

    Windows Secure Boot CVE-2024-26189

    Azure Migrate CVE-2024-26193

    Windows Secure Boot CVE-2024-26194

    Windows DHCP Server CVE-2024-26195

    Windows Routing and Remote Access Service (RRAS) CVE-2024-26200

    Windows DHCP Server CVE-2024-26202

    Windows Routing and Remote Access Service (RRAS) CVE-2024-26205

    Windows Remote Access Connection Manager CVE-2024-26207

    Windows Message Queuing CVE-2024-26208

    Windows Local Security Authority Subsystem Service (LSASS) CVE-2024-26209

    Microsoft WDAC OLE DB provider for SQL CVE-2024-26210

    Windows Remote Access Connection Manager CVE-2024-26211

    Windows DHCP Server CVE-2024-26212

    Microsoft Brokering File System CVE-2024-26213

    Microsoft WDAC ODBC Driver CVE-2024-26214

    Windows DHCP Server CVE-2024-26215

    Windows File Server Resource Management Service CVE-2024-26216

    Windows Remote Access Connection Manager CVE-2024-26217

    Windows Kernel CVE-2024-26218

    Windows HTTP.sys CVE-2024-26219

    Windows Mobile Hotspot CVE-2024-26220

    Role: DNS Server CVE-2024-26221

    Role: DNS Server CVE-2024-26222

    Role: DNS Server CVE-2024-26223

    Role: DNS Server CVE-2024-26224

    Windows Distributed File System (DFS) CVE-2024-26226

    Role: DNS Server CVE-2024-26227

    Windows Cryptographic Services CVE-2024-26228

    Windows Kernel CVE-2024-26229

    Windows Remote Access Connection Manager CVE-2024-26230

    Role: DNS Server CVE-2024-26231

    Windows Message Queuing CVE-2024-26232

    Role: DNS Server CVE-2024-26233

    Windows Proxy Driver CVE-2024-26234

    Windows Update Stack CVE-2024-26235

    Windows Update Stack CVE-2024-26236

    Windows Defender Credential Guard CVE-2024-26237

    Windows Remote Access Connection Manager CVE-2024-26239

    Windows Secure Boot CVE-2024-26240

    Windows Win32K - ICOMP CVE-2024-26241

    Windows Telephony Server CVE-2024-26242

    Windows USB Print Driver CVE-2024-26243

    Microsoft WDAC OLE DB provider for SQL CVE-2024-26244

    Windows Kernel CVE-2024-26245

    Windows Kerberos CVE-2024-26248

    Windows Secure Boot CVE-2024-26250

    Microsoft Office SharePoint CVE-2024-26251

    Windows Internet Connection Sharing (ICS) CVE-2024-26252

    Windows Internet Connection Sharing (ICS) CVE-2024-26253

    Windows Virtual Machine Bus CVE-2024-26254

    Windows Remote Access Connection Manager CVE-2024-26255

    Windows Compressed Folder CVE-2024-26256

    Microsoft Office Excel CVE-2024-26257

    Windows Secure Boot CVE-2024-28896

    Windows Secure Boot CVE-2024-28897

    Windows Secure Boot CVE-2024-28898

    Windows Remote Access Connection Manager CVE-2024-28900

    Windows Remote Access Connection Manager CVE-2024-28901

    Windows Remote Access Connection Manager CVE-2024-28902

    Windows Secure Boot CVE-2024-28903

    Microsoft Brokering File System CVE-2024-28904

    Microsoft Brokering File System CVE-2024-28905

    SQL Server CVE-2024-28906

    Microsoft Brokering File System CVE-2024-28907

    SQL Server CVE-2024-28908

    SQL Server CVE-2024-28909

    SQL Server CVE-2024-28910

    SQL Server CVE-2024-28911

    SQL Server CVE-2024-28912

    SQL Server CVE-2024-28913

    SQL Server CVE-2024-28914

    SQL Server CVE-2024-28915

    Azure Arc CVE-2024-28917

    Windows Secure Boot CVE-2024-28919

    Windows Secure Boot CVE-2024-28920

    Windows Secure Boot CVE-2024-28921

    Windows Secure Boot CVE-2024-28922

    Windows Secure Boot CVE-2024-28923

    Windows Secure Boot CVE-2024-28924

    Windows Secure Boot CVE-2024-28925

    SQL Server CVE-2024-28926

    SQL Server CVE-2024-28927

    SQL Server CVE-2024-28929

    SQL Server CVE-2024-28930

    SQL Server CVE-2024-28931

    SQL Server CVE-2024-28932

    SQL Server CVE-2024-28933

    SQL Server CVE-2024-28934

    SQL Server CVE-2024-28935

    SQL Server CVE-2024-28936

    SQL Server CVE-2024-28937

    SQL Server CVE-2024-28938

    SQL Server CVE-2024-28939

    SQL Server CVE-2024-28940

    SQL Server CVE-2024-28941

    SQL Server CVE-2024-28942

    SQL Server CVE-2024-28943

    SQL Server CVE-2024-28944

    SQL Server CVE-2024-28945

    SQL Server CVE-2024-29043

    SQL Server CVE-2024-29044

    SQL Server CVE-2024-29045

    SQL Server CVE-2024-29046

    SQL Server CVE-2024-29047

    SQL Server CVE-2024-29048

    Microsoft Edge (Chromium-based) CVE-2024-29049

    Windows Cryptographic Services CVE-2024-29050

    Windows Storage CVE-2024-29052

    Microsoft Defender for IoT CVE-2024-29053

    Microsoft Defender for IoT CVE-2024-29054

    Microsoft Defender for IoT CVE-2024-29055

    Windows Authentication Methods CVE-2024-29056

    Windows Secure Boot CVE-2024-29061

    Windows Secure Boot CVE-2024-29062

    Azure AI Search CVE-2024-29063

    Role: Windows Hyper-V CVE-2024-29064

    Windows Distributed File System (DFS) CVE-2024-29066

    Microsoft Edge (Chromium-based) CVE-2024-29981

    SQL Server CVE-2024-29982

    SQL Server CVE-2024-29983

    SQL Server CVE-2024-29984

    SQL Server CVE-2024-29985

    Internet Shortcut Files CVE-2024-29988

    Azure Monitor CVE-2024-29989

    Microsoft Azure Kubernetes Service CVE-2024-29990

    Azure SDK CVE-2024-29992

    Azure CVE-2024-29993

    We are republishing 6 non-Microsoft CVEs:

    CNA Tag CVE FAQs? Workarounds? Mitigations?

    Intel Corporation Intel CVE-2024-2201 Yes No No

    Lenovo Windows Secure Boot CVE-2024-23593 Yes No No

    Lenovo Windows Secure Boot CVE-2024-23594 Yes No No

    Chrome Microsoft Edge (Chromium-based) CVE-2024-3156 Yes No No

    Chrome Microsoft Edge (Chromium-based) CVE-2024-3158 Yes No No

    Chrome Microsoft Edge (Chromium-based) CVE-2024-3159 Yes No No

    Security Update Guide Blog Posts

    Date Blog Post

    April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs

    January 11, 2022 Coming Soon: New Security Update Guide Notification System

    February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

    January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

    December 8, 2020 Security Update Guide: Let’s keep the conversation going

    November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

    Relevant Resources

    • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
    • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
    • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

    Known Issues

    You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.

    For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To

    5036892 Windows 10, version 21H2, Windows 10, version 22H2

    5036932 Windows Server 2008 (Monthly Rollup)

    5036950 Windows Server 2008 (Security-only update)

    Released: Apr 9, 2024

    April 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
     
    NICK ADSL UK, Jul 16, 2024
    #3
  4. Security Update KB5040442 - CVE-2024-38051 - Still Vulnerable

    Microsoft June 2024 Security Updates

    June 2024 Security Updates

    This release consists of the following 49 Microsoft CVEs:

    Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?




    Visual Studio CVE-2024-29060

    Visual Studio CVE-2024-30052

    Windows Server Service CVE-2024-30062

    Windows Distributed File System (DFS) CVE-2024-30063

    Windows Kernel CVE-2024-30064

    Windows Themes CVE-2024-30065

    Winlogon CVE-2024-30066

    Winlogon CVE-2024-30067

    Windows Kernel CVE-2024-30068

    Windows Remote Access Connection Manager CVE-2024-30069

    Windows DHCP Server CVE-2024-30070

    Windows Event Logging Service CVE-2024-30072

    Windows Link Layer Topology Discovery Protocol CVE-2024-30074

    Windows Link Layer Topology Discovery Protocol CVE-2024-30075

    Windows Container Manager Service CVE-2024-30076

    Microsoft WDAC OLE DB provider for SQL CVE-2024-30077

    Windows Wi-Fi Driver CVE-2024-30078

    Windows Server Service CVE-2024-30080

    Windows Win32K - GRFX CVE-2024-30082

    Windows Standards-Based Storage Management Service CVE-2024-30083

    Windows Kernel-Mode Drivers CVE-2024-30084

    Windows Cloud Files Mini Filter Driver CVE-2024-30085

    Windows Win32 Kernel Subsystem CVE-2024-30086

    Windows Win32K - GRFX CVE-2024-30087

    Windows NT OS Kernel CVE-2024-30088

    Microsoft Streaming Service CVE-2024-30089

    Microsoft Streaming Service CVE-2024-30090

    Windows Win32K - GRFX CVE-2024-30091

    Windows Storage CVE-2024-30093

    Windows Routing and Remote Access Service (RRAS) CVE-2024-30094

    Windows Routing and Remote Access Service (RRAS) CVE-2024-30095

    Windows Cryptographic Services CVE-2024-30096

    Microsoft Windows Speech CVE-2024-30097

    Windows NT OS Kernel CVE-2024-30099

    Microsoft Office SharePoint CVE-2024-30100

    Microsoft Office CVE-2024-30101

    Microsoft Office Word CVE-2024-30102

    Microsoft Office Outlook CVE-2024-30103

    Microsoft Office CVE-2024-30104

    Dynamics Business Central CVE-2024-35248

    Dynamics Business Central CVE-2024-35249

    Windows Kernel-Mode Drivers CVE-2024-35250

    Azure Storage Library CVE-2024-35252

    Azure File Sync CVE-2024-35253

    Azure Monitor CVE-2024-35254

    Azure SDK CVE-2024-35255

    Microsoft Dynamics CVE-2024-35263

    Windows Perception Service CVE-2024-35265

    Azure Data Science Virtual Machines CVE-2024-37325

    We are republishing 9 non-Microsoft CVEs:

    CNA Tag CVE FAQs? Workarounds? Mitigations?

    MITRE Corporation Microsoft Windows CVE-2023-50868

    GitHub Visual Studio CVE-2024-29187

    Chrome Microsoft Edge (Chromium-based) CVE-2024-5493

    Chrome Microsoft Edge (Chromium-based) CVE-2024-5494

    Chrome Microsoft Edge (Chromium-based) CVE-2024-5495

    Chrome Microsoft Edge (Chromium-based) CVE-2024-5496

    Chrome Microsoft Edge (Chromium-based) CVE-2024-5497

    Chrome Microsoft Edge (Chromium-based) CVE-2024-5498

    Chrome Microsoft Edge (Chromium-based) CVE-2024-5499

    Security Update Guide Blog Posts

    Date Blog Post

    April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs

    January 11, 2022 Coming Soon: New Security Update Guide Notification System

    February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

    January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

    December 8, 2020 Security Update Guide: Let’s keep the conversation going

    November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

    Relevant Resources

    • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
    • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
    • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

    Known Issues

    You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.

    For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To

    5039211 Windows 10, version 21H2, Windows 10, version 22H2

    5039213 Windows 11, version 21H2

    5039227 Windows Server 2022

    5039245 Windows Server 2008 (Monthly Rollup)

    5039266 Windows Server 2008 (Security-only update)

    Released: Jun 11, 2024

    Security Update Guide - Microsoft Security Response Center
     
    NICK ADSL UK, Jul 16, 2024
    #4