├── CISAPy ├── README.md └── cisapy.py ├── Github └── csvtomarkdowntable.py ├── Other ├── beacon.ps1 └── just-another-kusto-hacker-1.ps1 ├── Patch Tuesday ├── History │ ├── 2023-aug.txt │ ├── 2023-dec.txt │ ├── 2023-jul.txt │ ├── 2023-jun.txt │ ├── 2023-may.txt │ ├── 2023-nov.txt │ ├── 2023-oct.txt │ ├── 2023-sep.txt │ ├── 2024-apr.txt │ ├── 2024-aug.txt │ ├── 2024-dec.txt │ ├── 2024-feb.txt │ ├── 2024-jan.txt │ ├── 2024-jul.txt │ ├── 2024-jun.txt │ ├── 2024-mar.txt │ ├── 2024-may.txt │ ├── 2024-nov.txt │ ├── 2024-oct.txt │ ├── 2024-sep.txt │ ├── 2025-apr.txt │ ├── 2025-feb.txt │ ├── 2025-jan.txt │ ├── 2025-mar.txt │ └── 2025-may.txt ├── README.md └── patch_review.py ├── README.md ├── SIGMA ├── ExtractMitreTechniquesStats.py └── ListMitreTechniquesSIGMARule.py ├── Validation ├── hash_validator.py └── ip_validator.py └── Vulnerabilities └── README.md /CISAPy/README.md: -------------------------------------------------------------------------------- 1 | # CISAPy 2 | CISAPy is a small command line tool that lets you interact with the [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog). 3 | It offers the following functionalities: 4 | 1. Listing (filtered) vulnerabilities 5 | 2. Exporting (filtered) vulnerabilities 6 | 3. Provide statistics on when the vulnerabilities have been added to the list. 7 | 8 | Example of one of the Vulnerabilities in the catalog: 9 | ```JSON 10 | { 11 | "cveID": "CVE-2023-6448", 12 | "vendorProject": "Unitronics", 13 | "product": "Vision PLC and HMI", 14 | "vulnerabilityName": "Unitronics Vision PLC and HMI Insecure Default Password Vulnerability", 15 | "dateAdded": "2023-12-11", 16 | "shortDescription": "Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands.", 17 | "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", 18 | "dueDate": "2023-12-18", 19 | "knownRansomwareCampaignUse": "Unknown", 20 | "notes": "Note that while it is possible to change the default password, implementors are encouraged to remove affected controllers from public networks per vendor advice: https://www.unitronicsplc.com/cyber_security_vision-samba/" 21 | } 22 | ``` 23 | 24 | ## Requirements 25 | To run this tool python3 must be installed. 26 | 27 | # Usage 28 | 29 | ## Windows 30 | 31 | ### Help 32 | ```PowerShell 33 | PS C:\scripts> python.exe .\cisapy.py -h 34 | usage: cisapy.py [-h] [-s] [-e] [-y YEAR] 35 | 36 | CISAPy by By twitter: @BertJanCyber, Github: Bert-JanP. CISAPy is a commandline tool that lets you interact with the CISA Known Exploited Vulnerabilities Catalog. It lets you fetch the vulnerabilities catalog to dynamic JSON and perform statistics analysis. 37 | 38 | optional arguments: 39 | -h, --help show this help message and exit 40 | -s, --stats Show statistics of vulnerabilities added for each year 41 | -e, --export Export vulnerabilities to a JSON file 42 | -y YEAR, --year YEAR Filter entries equal to or newer than the specified YEAR (format: YYYY) 43 | ``` 44 | 45 | ### List all vulnerabilities 46 | ```PowerShell 47 | PS C:\scripts> python.exe .\cisapy.py 48 | ``` 49 | 50 | ### List vulnerabilities that have been added in 2022 or newer 51 | ```PowerShell 52 | PS C:\scripts> python.exe .\cisapy.py -y 2022 53 | ``` 54 | 55 | ### List export results to JSON file 56 | ```PowerShell 57 | PS C:\scripts> python.exe .\cisapy.py -y 2022 -e 58 | Exported vulnerabilities to 'exported_cisa_vulnerabilities.json' 59 | ``` 60 | 61 | ### List statistics 62 | 63 | ```Bash 64 | PS C:\scripts> python.exe .\cisapy.py -s 65 | Vulnerabilities added in 66 | { 67 | "2021": 311, 68 | "2022": 555, 69 | "2023": 185 70 | } 71 | ``` 72 | 73 | ## Linux 74 | 75 | ### Help 76 | ```Bash 77 | bert-jan@ubuntu:~/scripts$ python3 cisapy.py -h 78 | usage: cisapy.py [-h] [-s] [-e] [-y YEAR] 79 | 80 | CISAPy by By twitter: @BertJanCyber, Github: Bert-JanP. CISAPy is a commandline tool that lets you interact with the CISA Known Exploited Vulnerabilities Catalog. It lets you fetch the vulnerabilities catalog to dynamic JSON and perform statistics analysis. 81 | 82 | options: 83 | -h, --help show this help message and exit 84 | -s, --stats Show statistics of vulnerabilities added for each year 85 | -e, --export Export vulnerabilities to a JSON file 86 | -y YEAR, --year YEAR Filter entries equal to or newer than the specified 87 | YEAR (format: YYYY) 88 | ``` 89 | 90 | ### List all vulnerabilities 91 | ```Bash 92 | bert-jan@ubuntu:~/scripts$ python3 cisapy.py 93 | ``` 94 | 95 | ### List vulnerabilities that have been added in 2022 or newer 96 | ```Bash 97 | bert-jan@ubuntu:~/scripts$ python3 cisapy.py -y 2022 98 | ``` 99 | 100 | ### List export results to JSON file 101 | ```Bash 102 | bert-jan@ubuntu:~/scripts$ python3 cisapy.py -y 2022 -e 103 | Exported vulnerabilities to 'exported_cisa_vulnerabilities.json' 104 | ``` 105 | 106 | ### List statistics 107 | 108 | ```Bash 109 | bert-jan@ubuntu:~/scripts$ python3 cisapy.py -s 110 | Vulnerabilities added in 111 | { 112 | "2021": 311, 113 | "2022": 555, 114 | "2023": 185 115 | } 116 | ``` -------------------------------------------------------------------------------- /CISAPy/cisapy.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import json 3 | import argparse 4 | from collections import defaultdict 5 | 6 | def get_vulnerabilities(year=None): 7 | url = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" 8 | 9 | # Fetch JSON data 10 | response = requests.get(url) 11 | if response.status_code != 200: 12 | print("Failed to fetch data. Status code:", response.status_code) 13 | return [] 14 | 15 | json_data = response.json() 16 | 17 | # Check if "properties" key exists or not 18 | if "properties" in json_data and "vulnerabilities" in json_data["properties"]: 19 | vulnerabilities = json_data["properties"]["vulnerabilities"] 20 | elif "vulnerabilities" in json_data: 21 | # If "properties" key is absent but "vulnerabilities" key exists at the root level 22 | vulnerabilities = json_data["vulnerabilities"] 23 | else: 24 | print("JSON structure doesn't match the expected format.") 25 | return [] 26 | 27 | # Filter vulnerabilities based on the specified year 28 | if year: 29 | filtered_vulnerabilities = [vuln for vuln in vulnerabilities if vuln.get("dateAdded", "").startswith(year) or vuln.get("dateAdded", "") > year] 30 | return filtered_vulnerabilities 31 | else: 32 | return vulnerabilities 33 | 34 | def get_vulnerability_stats(): 35 | vulnerabilities = get_vulnerabilities() 36 | 37 | if vulnerabilities: 38 | stats = defaultdict(int) 39 | for vuln in vulnerabilities: 40 | year = vuln.get("dateAdded", "")[:4] 41 | stats[year] += 1 42 | 43 | return stats 44 | else: 45 | return {} 46 | 47 | def export_vulnerabilities(): 48 | vulnerabilities = get_vulnerabilities() 49 | 50 | if vulnerabilities: 51 | with open("exported_cisa_vulnerabilities.json", "w") as export_file: 52 | json.dump(vulnerabilities, export_file, indent=2) 53 | print("Exported vulnerabilities to 'exported_cisa_vulnerabilities.json'") 54 | else: 55 | print("No vulnerabilities found to export.") 56 | 57 | if __name__ == "__main__": 58 | parser = argparse.ArgumentParser(description="CISAPy by By twitter: @BertJanCyber, Github: Bert-JanP. CISAPy is a commandline tool that lets you interact with the CISA Known Exploited Vulnerabilities Catalog. It lets you fetch the vulnerabilities catalog to dynamic JSON and perform statistics analysis.") 59 | parser.add_argument("-s", "--stats", help="Show statistics of vulnerabilities added for each year", action="store_true") 60 | parser.add_argument("-e", "--export", help="Export vulnerabilities to a JSON file", action="store_true") 61 | parser.add_argument("-y", "--year", help="Filter entries equal to or newer than the specified YEAR (format: YYYY)", type=str) 62 | args = parser.parse_args() 63 | 64 | if args.stats: 65 | vulnerability_stats = get_vulnerability_stats() 66 | if vulnerability_stats: 67 | print("Vulnerabilities added in") 68 | print(json.dumps(vulnerability_stats, indent=2)) 69 | else: 70 | print("No vulnerability statistics found.") 71 | 72 | if args.export: 73 | export_vulnerabilities() 74 | 75 | if not args.stats and not args.export: 76 | vulnerabilities = get_vulnerabilities(args.year) 77 | if vulnerabilities: 78 | print(json.dumps(vulnerabilities, indent=2)) 79 | -------------------------------------------------------------------------------- /Github/csvtomarkdowntable.py: -------------------------------------------------------------------------------- 1 | import csv 2 | 3 | def csv_to_markdown(csv_file): 4 | table = [] 5 | 6 | with open(csv_file, 'r') as file: 7 | reader = csv.reader(file) 8 | 9 | for row in reader: 10 | table.append(row) 11 | 12 | markdown = '' 13 | 14 | # Generating the header row 15 | markdown += '| ' + ' | '.join(table[0]) + ' |\n' 16 | markdown += '| ' + ' | '.join(['---'] * len(table[0])) + ' |\n' 17 | 18 | # Generating the data rows 19 | for row in table[1:]: 20 | markdown += '| ' + ' | '.join(row) + ' |\n' 21 | 22 | return markdown 23 | 24 | # Example usage 25 | csv_file_path = 'cloud.csv' # Replace with the path to your CSV file 26 | markdown_table = csv_to_markdown(csv_file_path) 27 | 28 | output_file_path = 'output.md' # Replace with the desired output file path 29 | with open(output_file_path, 'w') as output_file: 30 | output_file.write(markdown_table) 31 | 32 | print(f"Markdown table has been written to '{output_file_path}'") 33 | -------------------------------------------------------------------------------- /Other/beacon.ps1: -------------------------------------------------------------------------------- 1 | write-host "hello Dutch Security Meetup!" -------------------------------------------------------------------------------- /Other/just-another-kusto-hacker-1.ps1: -------------------------------------------------------------------------------- 1 | Y2VydHV0aWwuZXhlIC11cmxjYWNoZSAtc3BsaXQgLWYgaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0JlcnQtSmFuUC9TZWNTY3JpcHRzL3JlZnMvaGVhZHMvbWFpbi9PdGhlci9iZWFjb24ucHMxIEhlbGxvS3VzdG8ucHMx -------------------------------------------------------------------------------- /Patch Tuesday/History/2023-aug.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] August 2023 Security Updates 4 | [+] Found a total of 142 vulnerabilities 5 | [-] 18 Elevation of Privilege Vulnerabilities 6 | [-] 3 Security Feature Bypass Vulnerabilities 7 | [-] 23 Remote Code Execution Vulnerabilities 8 | [-] 10 Information Disclosure Vulnerabilities 9 | [-] 8 Denial of Service Vulnerabilities 10 | [-] 13 Spoofing Vulnerabilities 11 | [-] 42 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] ADV230003 - 0.0 - Microsoft Office Defense in Depth Update 14 | [-] CVE-2023-38180 - 7.5 - .NET and Visual Studio Denial of Service Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2023-29328 - 8.8 - Microsoft Teams Remote Code Execution Vulnerability 17 | [-] CVE-2023-29330 - 8.8 - Microsoft Teams Remote Code Execution Vulnerability 18 | [-] CVE-2023-35368 - 8.8 - Microsoft Exchange Remote Code Execution Vulnerability 19 | [-] CVE-2023-36882 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 20 | [-] CVE-2023-36910 - 9.8 - Microsoft Message Queuing Remote Code Execution Vulnerability 21 | [-] CVE-2023-36911 - 9.8 - Microsoft Message Queuing Remote Code Execution Vulnerability 22 | [-] CVE-2023-35381 - 8.8 - Windows Fax Service Remote Code Execution Vulnerability 23 | [-] CVE-2023-35385 - 9.8 - Microsoft Message Queuing Remote Code Execution Vulnerability 24 | [-] CVE-2023-35387 - 8.8 - Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability 25 | [-] CVE-2023-38185 - 8.8 - Microsoft Exchange Server Remote Code Execution Vulnerability 26 | [-] CVE-2023-38169 - 8.8 - Microsoft OLE DB Remote Code Execution Vulnerability 27 | [-] CVE-2023-36741 - 8.3 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 28 | [-] CVE-2023-21709 - 9.8 - Microsoft Exchange Server Elevation of Privilege Vulnerability 29 | [-] CVE-2023-36891 - 8.0 - Microsoft SharePoint Server Spoofing Vulnerability 30 | [-] CVE-2023-36892 - 8.0 - Microsoft SharePoint Server Spoofing Vulnerability 31 | [-] CVE-2023-36897 - 8.1 - Visual Studio Tools for Office Runtime Spoofing Vulnerability 32 | [-] CVE-2023-35388 - 8.0 - Microsoft Exchange Server Remote Code Execution Vulnerability 33 | [-] CVE-2023-38182 - 8.0 - Microsoft Exchange Server Remote Code Execution Vulnerability 34 | [-] CVE-2023-38181 - 8.8 - Microsoft Exchange Server Spoofing Vulnerability 35 | [-] CVE-2023-36787 - 8.8 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 36 | [-] CVE-2018-11694 - 8.8 - None 37 | [+] Found 9 vulnerabilites more likely to be exploited 38 | [-] CVE-2023-35359 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35359 39 | [-] CVE-2023-36900 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36900 40 | [-] CVE-2023-35380 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35380 41 | [-] CVE-2023-35382 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35382 42 | [-] CVE-2023-35384 -- Windows HTML Platforms Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35384 43 | [-] CVE-2023-35386 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35386 44 | [-] CVE-2023-35388 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35388 45 | [-] CVE-2023-38182 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38182 46 | [-] ADV230004 -- Memory Integrity System Readiness Scan Tool Defense in Depth Update - https://www.cve.org/CVERecord?id=ADV230004 -------------------------------------------------------------------------------- /Patch Tuesday/History/2023-dec.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] December 2023 Security Updates 4 | [+] Found a total of 42 vulnerabilities 5 | [-] 10 Elevation of Privilege Vulnerabilities 6 | [-] 0 Security Feature Bypass Vulnerabilities 7 | [-] 8 Remote Code Execution Vulnerabilities 8 | [-] 6 Information Disclosure Vulnerabilities 9 | [-] 5 Denial of Service Vulnerabilities 10 | [-] 5 Spoofing Vulnerabilities 11 | [-] 8 Edge - Chromium Vulnerabilities 12 | [+] Found 0 exploited in the wild 13 | [+] Highest Rated Vulnerabilities 14 | [-] CVE-2023-35618 - 9.6 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 15 | [-] CVE-2023-36019 - 9.6 - Microsoft Power Platform Connector Spoofing Vulnerability 16 | [-] CVE-2023-36006 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 17 | [-] CVE-2023-35639 - 8.8 - Microsoft ODBC Driver Remote Code Execution Vulnerability 18 | [-] CVE-2023-35641 - 8.8 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability 19 | [-] CVE-2023-35628 - 8.1 - Windows MSHTML Platform Remote Code Execution Vulnerability 20 | [-] CVE-2023-35630 - 8.8 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability 21 | [-] CVE-2023-35634 - 8.0 - Windows Bluetooth Driver Remote Code Execution Vulnerability 22 | [+] Found 11 vulnerabilites more likely to be exploited 23 | [-] CVE-2023-36696 -- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36696 24 | [-] CVE-2023-36391 -- Local Security Authority Subsystem Service Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36391 25 | [-] CVE-2023-36011 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36011 26 | [-] CVE-2023-36010 -- Microsoft Defender Denial of Service Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36010 27 | [-] CVE-2023-36005 -- Windows Telephony Server Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36005 28 | [-] CVE-2023-35641 -- Internet Connection Sharing (ICS) Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35641 29 | [-] CVE-2023-35644 -- Windows Sysmain Service Elevation of Privilege - https://www.cve.org/CVERecord?id=CVE-2023-35644 30 | [-] CVE-2023-35628 -- Windows MSHTML Platform Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35628 31 | [-] CVE-2023-35631 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35631 32 | [-] CVE-2023-35632 -- Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35632 33 | [-] CVE-2023-35633 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35633 -------------------------------------------------------------------------------- /Patch Tuesday/History/2023-jul.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] July 2023 Security Updates 4 | [+] Found a total of 162 vulnerabilities 5 | [-] 33 Elevation of Privilege Vulnerabilities 6 | [-] 13 Security Feature Bypass Vulnerabilities 7 | [-] 37 Remote Code Execution Vulnerabilities 8 | [-] 19 Information Disclosure Vulnerabilities 9 | [-] 22 Denial of Service Vulnerabilities 10 | [-] 9 Spoofing Vulnerabilities 11 | [-] 14 Edge - Chromium Vulnerabilities 12 | [+] Found 6 exploited in the wild 13 | [-] CVE-2023-32046 - 7.8 - Windows MSHTML Platform Elevation of Privilege Vulnerability 14 | [-] CVE-2023-32049 - 8.8 - Windows SmartScreen Security Feature Bypass Vulnerability 15 | [-] CVE-2023-36874 - 7.8 - Windows Error Reporting Service Elevation of Privilege Vulnerability 16 | [-] CVE-2023-36884 - 7.5 - Windows Search Remote Code Execution Vulnerability 17 | [-] ADV230001 - 0.0 - Guidance on Microsoft Signed Drivers Being Used Maliciously 18 | [-] CVE-2023-35311 - 8.8 - Microsoft Outlook Security Feature Bypass Vulnerability 19 | [+] Highest Rated Vulnerabilities 20 | [-] CVE-2023-33150 - 9.6 - Microsoft Office Security Feature Bypass Vulnerability 21 | [-] CVE-2023-32038 - 8.8 - Microsoft ODBC Driver Remote Code Execution Vulnerability 22 | [-] CVE-2023-32049 - 8.8 - Windows SmartScreen Security Feature Bypass Vulnerability 23 | [-] CVE-2023-35315 - 8.8 - Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability 24 | [-] CVE-2023-35322 - 8.8 - Windows Deployment Services Remote Code Execution Vulnerability 25 | [-] CVE-2023-35333 - 8.8 - MediaWiki PandocUpload Extension Remote Code Execution Vulnerability 26 | [-] CVE-2023-35364 - 8.8 - Windows Kernel Elevation of Privilege Vulnerability 27 | [-] CVE-2023-35365 - 9.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 28 | [-] CVE-2023-35366 - 9.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 29 | [-] CVE-2023-35367 - 9.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 30 | [-] CVE-2023-29347 - 8.7 - Windows Admin Center Spoofing Vulnerability 31 | [-] CVE-2023-33127 - 8.1 - .NET and Visual Studio Elevation of Privilege Vulnerability 32 | [-] CVE-2023-33134 - 8.8 - Microsoft SharePoint Server Remote Code Execution Vulnerability 33 | [-] CVE-2023-33157 - 8.8 - Microsoft SharePoint Remote Code Execution Vulnerability 34 | [-] CVE-2023-33159 - 8.8 - Microsoft SharePoint Server Spoofing Vulnerability 35 | [-] CVE-2023-33160 - 8.8 - Microsoft SharePoint Server Remote Code Execution Vulnerability 36 | [-] CVE-2023-33170 - 8.1 - ASP.NET and Visual Studio Security Feature Bypass Vulnerability 37 | [-] CVE-2023-33171 - 8.2 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 38 | [-] CVE-2023-32057 - 9.8 - Microsoft Message Queuing Remote Code Execution Vulnerability 39 | [-] CVE-2023-35300 - 8.8 - Remote Procedure Call Runtime Remote Code Execution Vulnerability 40 | [-] CVE-2023-35302 - 8.8 - Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 41 | [-] CVE-2023-35303 - 8.8 - USB Audio Class System Driver Remote Code Execution Vulnerability 42 | [-] CVE-2023-35311 - 8.8 - Microsoft Outlook Security Feature Bypass Vulnerability 43 | [-] CVE-2023-35335 - 8.2 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 44 | [-] CVE-2022-28331 - 9.8 - None 45 | [-] CVE-2022-29503 - 9.8 - None 46 | [+] Found 6 vulnerabilites more likely to be exploited 47 | [-] CVE-2023-35352 -- Windows Remote Desktop Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35352 48 | [-] CVE-2023-21526 -- Windows Netlogon Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-21526 49 | [-] CVE-2023-33134 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-33134 50 | [-] CVE-2023-33157 -- Microsoft SharePoint Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-33157 51 | [-] CVE-2023-35312 -- Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-35312 52 | [-] CVE-2023-36871 -- Azure Active Directory Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36871 -------------------------------------------------------------------------------- /Patch Tuesday/History/2023-jun.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] June 2023 Security Updates 4 | [+] Found a total of 120 vulnerabilities 5 | [-] 17 Elevation of Privilege Vulnerabilities 6 | [-] 3 Security Feature Bypass Vulnerabilities 7 | [-] 38 Remote Code Execution Vulnerabilities 8 | [-] 5 Information Disclosure Vulnerabilities 9 | [-] 10 Denial of Service Vulnerabilities 10 | [-] 10 Spoofing Vulnerabilities 11 | [-] 24 Edge - Chromium Vulnerabilities 12 | [+] Found 0 exploited in the wild 13 | [+] Highest Rated Vulnerabilities 14 | [-] CVE-2023-28310 - 8.0 - Microsoft Exchange Server Remote Code Execution Vulnerability 15 | [-] CVE-2023-32031 - 8.8 - Microsoft Exchange Server Remote Code Execution Vulnerability 16 | [-] CVE-2023-29351 - 8.1 - Windows Group Policy Elevation of Privilege Vulnerability 17 | [-] CVE-2023-29357 - 9.8 - Microsoft SharePoint Server Elevation of Privilege Vulnerability 18 | [-] CVE-2023-29360 - 8.4 - Microsoft Streaming Service Elevation of Privilege Vulnerability 19 | [-] CVE-2023-29362 - 8.8 - Remote Desktop Client Remote Code Execution Vulnerability 20 | [-] CVE-2023-29363 - 9.8 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 21 | [-] CVE-2023-29372 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 22 | [-] CVE-2023-29373 - 8.8 - Microsoft ODBC Driver Remote Code Execution Vulnerability 23 | [-] CVE-2023-32009 - 8.8 - Windows Collaborative Translation Framework Elevation of Privilege Vulnerability 24 | [-] CVE-2023-32014 - 9.8 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 25 | [-] CVE-2023-32015 - 9.8 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 26 | [-] CVE-2023-33131 - 8.8 - Microsoft Outlook Remote Code Execution Vulnerability 27 | [-] CVE-2023-29402 - 9.8 - None 28 | [-] CVE-2023-29404 - 9.8 - None 29 | [+] Found 8 vulnerabilites more likely to be exploited 30 | [-] CVE-2023-28310 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-28310 31 | [-] CVE-2023-32031 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-32031 32 | [-] CVE-2023-29357 -- Microsoft SharePoint Server Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-29357 33 | [-] CVE-2023-29358 -- Windows GDI Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-29358 34 | [-] CVE-2023-29359 -- GDI Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-29359 35 | [-] CVE-2023-29360 -- Microsoft Streaming Service Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-29360 36 | [-] CVE-2023-29361 -- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-29361 37 | [-] CVE-2023-29371 -- Windows GDI Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-29371 -------------------------------------------------------------------------------- /Patch Tuesday/History/2023-may.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] May 2023 Security Updates 4 | [+] Found a total of 67 vulnerabilities 5 | [-] 8 Elevation of Privilege Vulnerabilities 6 | [-] 4 Security Feature Bypass Vulnerabilities 7 | [-] 12 Remote Code Execution Vulnerabilities 8 | [-] 8 Information Disclosure Vulnerabilities 9 | [-] 5 Denial of Service Vulnerabilities 10 | [-] 1 Spoofing Vulnerabilities 11 | [-] 17 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2023-29336 - 7.8 - Win32k Elevation of Privilege Vulnerability 14 | [-] CVE-2023-24932 - 6.7 - Secure Boot Security Feature Bypass Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2023-28283 - 8.1 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability 17 | [-] CVE-2023-24941 - 9.8 - Windows Network File System Remote Code Execution Vulnerability 18 | [-] CVE-2023-24903 - 8.1 - Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability 19 | [-] CVE-2023-24943 - 9.8 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 20 | [-] CVE-2023-24947 - 8.8 - Windows Bluetooth Driver Remote Code Execution Vulnerability 21 | [-] CVE-2023-29325 - 8.1 - Windows OLE Remote Code Execution Vulnerability 22 | [+] Found 8 vulnerabilites more likely to be exploited 23 | [-] CVE-2023-24941 -- Windows Network File System Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-24941 24 | [-] CVE-2023-24902 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-24902 25 | [-] CVE-2023-24949 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-24949 26 | [-] CVE-2023-24950 -- Microsoft SharePoint Server Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-24950 27 | [-] CVE-2023-24954 -- Microsoft SharePoint Server Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-24954 28 | [-] CVE-2023-24955 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-24955 29 | [-] CVE-2023-29324 -- Windows MSHTML Platform Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-29324 30 | [-] CVE-2023-29325 -- Windows OLE Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-29325 -------------------------------------------------------------------------------- /Patch Tuesday/History/2023-nov.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] November 2023 Security Updates 4 | [+] Found a total of 83 vulnerabilities 5 | [-] 16 Elevation of Privilege Vulnerabilities 6 | [-] 6 Security Feature Bypass Vulnerabilities 7 | [-] 15 Remote Code Execution Vulnerabilities 8 | [-] 6 Information Disclosure Vulnerabilities 9 | [-] 5 Denial of Service Vulnerabilities 10 | [-] 11 Spoofing Vulnerabilities 11 | [-] 19 Edge - Chromium Vulnerabilities 12 | [+] Found 3 exploited in the wild 13 | [-] CVE-2023-36036 - 7.8 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 14 | [-] CVE-2023-36033 - 7.8 - Windows DWM Core Library Elevation of Privilege Vulnerability 15 | [-] CVE-2023-36025 - 8.8 - Windows SmartScreen Security Feature Bypass Vulnerability 16 | [+] Highest Rated Vulnerabilities 17 | [-] CVE-2023-38151 - 8.8 - Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability 18 | [-] CVE-2023-36719 - 8.4 - Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability 19 | [-] CVE-2023-36560 - 8.8 - ASP.NET Security Feature Bypass Vulnerability 20 | [-] CVE-2023-36437 - 8.8 - Azure DevOps Server Remote Code Execution Vulnerability 21 | [-] CVE-2023-36425 - 8.0 - Windows Distributed File System (DFS) Remote Code Execution Vulnerability 22 | [-] CVE-2023-36052 - 8.6 - Azure CLI REST Command Information Disclosure Vulnerability 23 | [-] CVE-2023-36017 - 8.8 - Windows Scripting Engine Memory Corruption Vulnerability 24 | [-] CVE-2023-36439 - 8.0 - Microsoft Exchange Server Remote Code Execution Vulnerability 25 | [-] CVE-2023-36402 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 26 | [-] CVE-2023-36400 - 8.8 - Windows HMAC Key Derivation Elevation of Privilege Vulnerability 27 | [-] CVE-2023-36397 - 9.8 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 28 | [-] CVE-2023-36050 - 8.0 - Microsoft Exchange Server Spoofing Vulnerability 29 | [-] CVE-2023-36039 - 8.0 - Microsoft Exchange Server Spoofing Vulnerability 30 | [-] CVE-2023-36038 - 8.2 - ASP.NET Core Denial of Service Vulnerability 31 | [-] CVE-2023-36035 - 8.0 - Microsoft Exchange Server Spoofing Vulnerability 32 | [-] CVE-2023-36028 - 9.8 - Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability 33 | [-] CVE-2023-36021 - 8.0 - Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability 34 | [-] CVE-2023-36025 - 8.8 - Windows SmartScreen Security Feature Bypass Vulnerability 35 | [-] CVE-2023-46316 - 9.8 - None 36 | [-] CVE-2020-14343 - 9.8 - None 37 | [-] CVE-2020-1747 - 9.8 - None 38 | [+] Found 10 vulnerabilites more likely to be exploited 39 | [-] CVE-2023-36424 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36424 40 | [-] CVE-2023-36413 -- Microsoft Office Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36413 41 | [-] CVE-2023-36017 -- Windows Scripting Engine Memory Corruption Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36017 42 | [-] CVE-2023-38177 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38177 43 | [-] CVE-2023-36439 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36439 44 | [-] CVE-2023-36399 -- Windows Storage Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36399 45 | [-] CVE-2023-36394 -- Windows Search Service Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36394 46 | [-] CVE-2023-36050 -- Microsoft Exchange Server Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36050 47 | [-] CVE-2023-36039 -- Microsoft Exchange Server Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36039 48 | [-] CVE-2023-36035 -- Microsoft Exchange Server Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36035 -------------------------------------------------------------------------------- /Patch Tuesday/History/2023-oct.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] October 2023 Security Updates 4 | [+] Found a total of 105 vulnerabilities 5 | [-] 26 Elevation of Privilege Vulnerabilities 6 | [-] 3 Security Feature Bypass Vulnerabilities 7 | [-] 45 Remote Code Execution Vulnerabilities 8 | [-] 12 Information Disclosure Vulnerabilities 9 | [-] 17 Denial of Service Vulnerabilities 10 | [-] 1 Spoofing Vulnerabilities 11 | [-] 1 Edge - Chromium Vulnerabilities 12 | [+] Found 3 exploited in the wild 13 | [-] CVE-2023-41763 - 5.3 - Skype for Business Elevation of Privilege Vulnerability 14 | [-] CVE-2023-36563 - 6.5 - Microsoft WordPad Information Disclosure Vulnerability 15 | [-] CVE-2023-44487 - 0.0 - MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack 16 | [+] Highest Rated Vulnerabilities 17 | [-] CVE-2023-35349 - 9.8 - Microsoft Message Queuing Remote Code Execution Vulnerability 18 | [-] CVE-2023-41765 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 19 | [-] CVE-2023-41767 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 20 | [-] CVE-2023-41768 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 21 | [-] CVE-2023-41769 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 22 | [-] CVE-2023-41770 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 23 | [-] CVE-2023-41771 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 24 | [-] CVE-2023-41773 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 25 | [-] CVE-2023-41774 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 26 | [-] CVE-2023-36577 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 27 | [-] CVE-2023-36569 - 8.4 - Microsoft Office Elevation of Privilege Vulnerability 28 | [-] CVE-2023-36434 - 9.8 - Windows IIS Server Elevation of Privilege Vulnerability 29 | [-] CVE-2023-36419 - 8.8 - Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability 30 | [-] CVE-2023-38166 - 8.1 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 31 | [-] CVE-2023-36778 - 8.0 - Microsoft Exchange Server Remote Code Execution Vulnerability 32 | [-] CVE-2023-36415 - 8.8 - Azure Identity SDK Remote Code Execution Vulnerability 33 | [-] CVE-2023-36414 - 8.8 - Azure Identity SDK Remote Code Execution Vulnerability 34 | [+] Found 10 vulnerabilites more likely to be exploited 35 | [-] CVE-2023-41772 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-41772 36 | [-] CVE-2023-36732 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36732 37 | [-] CVE-2023-36731 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36731 38 | [-] CVE-2023-36713 -- Windows Common Log File System Driver Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36713 39 | [-] CVE-2023-36594 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36594 40 | [-] CVE-2023-38159 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38159 41 | [-] CVE-2023-36780 -- Skype for Business Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36780 42 | [-] CVE-2023-36778 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36778 43 | [-] CVE-2023-36776 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36776 44 | [-] CVE-2023-36743 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36743 -------------------------------------------------------------------------------- /Patch Tuesday/History/2023-sep.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] September 2023 Security Updates 4 | [+] Found a total of 66 vulnerabilities 5 | [-] 17 Elevation of Privilege Vulnerabilities 6 | [-] 3 Security Feature Bypass Vulnerabilities 7 | [-] 24 Remote Code Execution Vulnerabilities 8 | [-] 9 Information Disclosure Vulnerabilities 9 | [-] 3 Denial of Service Vulnerabilities 10 | [-] 5 Spoofing Vulnerabilities 11 | [-] 5 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2023-36802 - 7.8 - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability 14 | [-] CVE-2023-36761 - 6.2 - Microsoft Word Information Disclosure Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2023-38148 - 8.8 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability 17 | [-] CVE-2023-38147 - 8.8 - Windows Miracast Wireless Display Remote Code Execution Vulnerability 18 | [-] CVE-2023-38146 - 8.8 - Windows Themes Remote Code Execution Vulnerability 19 | [-] CVE-2023-36757 - 8.0 - Microsoft Exchange Server Spoofing Vulnerability 20 | [-] CVE-2023-36756 - 8.0 - Microsoft Exchange Server Remote Code Execution Vulnerability 21 | [-] CVE-2023-36745 - 8.0 - Microsoft Exchange Server Remote Code Execution Vulnerability 22 | [-] CVE-2023-36744 - 8.0 - Microsoft Exchange Server Remote Code Execution Vulnerability 23 | [-] CVE-2023-33136 - 8.8 - Azure DevOps Server Remote Code Execution Vulnerability 24 | [-] CVE-2023-36764 - 8.8 - Microsoft SharePoint Server Elevation of Privilege Vulnerability 25 | [+] Found 12 vulnerabilites more likely to be exploited 26 | [-] CVE-2023-38161 -- Windows GDI Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38161 27 | [-] CVE-2023-38152 -- DHCP Server Service Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38152 28 | [-] CVE-2023-38148 -- Internet Connection Sharing (ICS) Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38148 29 | [-] CVE-2023-38144 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38144 30 | [-] CVE-2023-38143 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38143 31 | [-] CVE-2023-38142 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38142 32 | [-] CVE-2023-36804 -- Windows GDI Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36804 33 | [-] CVE-2023-36756 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36756 34 | [-] CVE-2023-36745 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36745 35 | [-] CVE-2023-36744 -- Microsoft Exchange Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36744 36 | [-] CVE-2023-38160 -- Windows TCP/IP Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-38160 37 | [-] CVE-2023-36777 -- Microsoft Exchange Server Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2023-36777 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-apr.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] April 2024 Security Updates 4 | [+] Found a total of 157 vulnerabilities 5 | [-] 31 Elevation of Privilege Vulnerabilities 6 | [-] 29 Security Feature Bypass Vulnerabilities 7 | [-] 67 Remote Code Execution Vulnerabilities 8 | [-] 13 Information Disclosure Vulnerabilities 9 | [-] 7 Denial of Service Vulnerabilities 10 | [-] 4 Spoofing Vulnerabilities 11 | [-] 5 Edge - Chromium Vulnerabilities 12 | [+] Found 0 exploited in the wild 13 | [+] Highest Rated Vulnerabilities 14 | [-] CVE-2024-26179 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 15 | [-] CVE-2024-26200 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 16 | [-] CVE-2024-26205 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 17 | [-] CVE-2024-28906 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 18 | [-] CVE-2024-28908 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 19 | [-] CVE-2024-28909 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 20 | [-] CVE-2024-28910 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 21 | [-] CVE-2024-28911 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 22 | [-] CVE-2024-28912 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 23 | [-] CVE-2024-28913 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 24 | [-] CVE-2024-28914 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 25 | [-] CVE-2024-28915 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 26 | [-] CVE-2024-28929 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 27 | [-] CVE-2024-28931 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 28 | [-] CVE-2024-28932 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 29 | [-] CVE-2024-28936 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 30 | [-] CVE-2024-28939 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 31 | [-] CVE-2024-28942 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 32 | [-] CVE-2024-28945 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 33 | [-] CVE-2024-29043 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 34 | [-] CVE-2024-29047 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 35 | [-] CVE-2024-29050 - 8.4 - Windows Cryptographic Services Remote Code Execution Vulnerability 36 | [-] CVE-2024-29988 - 8.8 - SmartScreen Prompt Security Feature Bypass Vulnerability 37 | [-] CVE-2024-29990 - 9.0 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability 38 | [-] CVE-2024-20678 - 8.8 - Remote Procedure Call Runtime Remote Code Execution Vulnerability 39 | [-] CVE-2024-21323 - 8.8 - Microsoft Defender for IoT Remote Code Execution Vulnerability 40 | [-] CVE-2024-26180 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 41 | [-] CVE-2024-26189 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 42 | [-] CVE-2024-26210 - 8.8 - Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability 43 | [-] CVE-2024-26244 - 8.8 - Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability 44 | [-] CVE-2024-26214 - 8.8 - Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability 45 | [-] CVE-2024-26240 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 46 | [-] CVE-2024-28925 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 47 | [-] CVE-2024-28926 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 48 | [-] CVE-2024-28927 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 49 | [-] CVE-2024-28930 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 50 | [-] CVE-2024-28933 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 51 | [-] CVE-2024-28934 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 52 | [-] CVE-2024-28935 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 53 | [-] CVE-2024-28937 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 54 | [-] CVE-2024-28938 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 55 | [-] CVE-2024-28940 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 56 | [-] CVE-2024-28941 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 57 | [-] CVE-2024-28943 - 8.8 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 58 | [-] CVE-2024-28944 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 59 | [-] CVE-2024-29044 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 60 | [-] CVE-2024-29046 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 61 | [-] CVE-2024-29048 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 62 | [-] CVE-2024-29053 - 8.8 - Microsoft Defender for IoT Remote Code Execution Vulnerability 63 | [-] CVE-2024-20670 - 8.1 - Outlook for Windows Spoofing Vulnerability 64 | [-] CVE-2024-29982 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 65 | [-] CVE-2024-29983 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 66 | [-] CVE-2024-29984 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 67 | [-] CVE-2024-29985 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 68 | [-] CVE-2024-29989 - 8.4 - Azure Monitor Agent Elevation of Privilege Vulnerability 69 | [-] CVE-2024-29993 - 8.8 - Azure CycleCloud Elevation of Privilege Vulnerability 70 | [+] Found 14 vulnerabilites more likely to be exploited 71 | [-] CVE-2024-26256 -- libarchive Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26256 72 | [-] CVE-2024-26158 -- Microsoft Install Service Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26158 73 | [-] CVE-2024-28921 -- Secure Boot Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-28921 74 | [-] CVE-2024-28903 -- Secure Boot Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-28903 75 | [-] CVE-2024-29988 -- SmartScreen Prompt Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-29988 76 | [-] CVE-2024-26209 -- Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26209 77 | [-] CVE-2024-26218 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26218 78 | [-] CVE-2024-26241 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26241 79 | [-] CVE-2024-26234 -- Proxy Driver Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26234 80 | [-] CVE-2024-26211 -- Windows Remote Access Connection Manager Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26211 81 | [-] CVE-2024-26212 -- DHCP Server Service Denial of Service Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26212 82 | [-] CVE-2024-26230 -- Windows Telephony Server Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26230 83 | [-] CVE-2024-26239 -- Windows Telephony Server Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26239 84 | [-] CVE-2024-29056 -- Windows Authentication Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-29056 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-aug.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] July 2024 Security Updates 4 | [+] Found a total of 280 vulnerabilities 5 | [-] 29 Elevation of Privilege Vulnerabilities 6 | [-] 24 Security Feature Bypass Vulnerabilities 7 | [-] 60 Remote Code Execution Vulnerabilities 8 | [-] 9 Information Disclosure Vulnerabilities 9 | [-] 17 Denial of Service Vulnerabilities 10 | [-] 7 Spoofing Vulnerabilities 11 | [-] 25 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2024-38080 - 7.8 - Windows Hyper-V Elevation of Privilege Vulnerability 14 | [-] CVE-2024-38112 - 7.5 - Windows MSHTML Platform Spoofing Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2024-21417 - 8.8 - Windows Text Services Framework Elevation of Privilege Vulnerability 17 | [-] CVE-2024-28899 - 8.8 - Secure Boot Security Feature Bypass Vulnerability 18 | [-] CVE-2024-35264 - 8.1 - .NET and Visual Studio Remote Code Execution Vulnerability 19 | [-] CVE-2024-38088 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 20 | [-] CVE-2024-38087 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 21 | [-] CVE-2024-21332 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 22 | [-] CVE-2024-21333 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 23 | [-] CVE-2024-21335 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 24 | [-] CVE-2024-21373 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 25 | [-] CVE-2024-21398 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 26 | [-] CVE-2024-21414 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 27 | [-] CVE-2024-21415 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 28 | [-] CVE-2024-21428 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 29 | [-] CVE-2024-37318 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 30 | [-] CVE-2024-37332 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 31 | [-] CVE-2024-37331 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 32 | [-] CVE-2024-37969 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 33 | [-] CVE-2024-37970 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 34 | [-] CVE-2024-37974 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 35 | [-] CVE-2024-37981 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 36 | [-] CVE-2024-37986 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 37 | [-] CVE-2024-37987 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 38 | [-] CVE-2024-38060 - 8.8 - Windows Imaging Component Remote Code Execution Vulnerability 39 | [-] CVE-2024-38077 - 9.8 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 40 | [-] CVE-2024-38104 - 8.8 - Windows Fax Service Remote Code Execution Vulnerability 41 | [-] CVE-2024-38182 - 9.0 - Microsoft Dynamics 365 Elevation of Privilege Vulnerability 42 | [-] CVE-2024-30013 - 8.8 - Windows MultiPoint Services Remote Code Execution Vulnerability 43 | [-] CVE-2024-35271 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 44 | [-] CVE-2024-35272 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 45 | [-] CVE-2024-20701 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 46 | [-] CVE-2024-21303 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 47 | [-] CVE-2024-21308 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 48 | [-] CVE-2024-21317 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 49 | [-] CVE-2024-21331 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 50 | [-] CVE-2024-21425 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 51 | [-] CVE-2024-37319 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 52 | [-] CVE-2024-37320 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 53 | [-] CVE-2024-37321 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 54 | [-] CVE-2024-37322 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 55 | [-] CVE-2024-37323 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 56 | [-] CVE-2024-37324 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 57 | [-] CVE-2024-21449 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 58 | [-] CVE-2024-37326 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 59 | [-] CVE-2024-37327 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 60 | [-] CVE-2024-37328 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 61 | [-] CVE-2024-37329 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 62 | [-] CVE-2024-37330 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 63 | [-] CVE-2024-37334 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 64 | [-] CVE-2024-37333 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 65 | [-] CVE-2024-37336 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 66 | [-] CVE-2024-28928 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 67 | [-] CVE-2024-35256 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 68 | [-] CVE-2024-37971 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 69 | [-] CVE-2024-37972 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 70 | [-] CVE-2024-37973 - 8.8 - Secure Boot Security Feature Bypass Vulnerability 71 | [-] CVE-2024-37975 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 72 | [-] CVE-2024-37977 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 73 | [-] CVE-2024-37978 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 74 | [-] CVE-2024-37984 - 8.4 - Secure Boot Security Feature Bypass Vulnerability 75 | [-] CVE-2024-37988 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 76 | [-] CVE-2024-37989 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 77 | [-] CVE-2024-38010 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 78 | [-] CVE-2024-38011 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 79 | [-] CVE-2024-38021 - 8.8 - Microsoft Outlook Remote Code Execution Vulnerability 80 | [-] CVE-2024-38053 - 8.8 - Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability 81 | [-] CVE-2024-38074 - 9.8 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 82 | [-] CVE-2024-38076 - 9.8 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 83 | [-] CVE-2024-38089 - 9.1 - Microsoft Defender for IoT Elevation of Privilege Vulnerability 84 | [-] CVE-2024-38092 - 8.8 - Azure CycleCloud Elevation of Privilege Vulnerability 85 | [-] CVE-2024-38176 - 8.1 - GroupMe Elevation of Privilege Vulnerability 86 | [-] CVE-2024-38164 - 9.6 - GroupMe Elevation of Privilege Vulnerability 87 | [-] CVE-2024-6387 - 8.1 - RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling 88 | [-] CVE-2024-3727 - 8.3 - None 89 | [-] CVE-2024-33602 - 8.6 - None 90 | [-] CVE-2024-29164 - 9.8 - None 91 | [-] CVE-2024-32614 - 8.8 - None 92 | [-] CVE-2024-33874 - 9.8 - None 93 | [-] CVE-2024-32623 - 8.8 - None 94 | [-] CVE-2024-32487 - 8.6 - None 95 | [-] CVE-2023-42282 - 9.8 - None 96 | [-] CVE-2015-7747 - 8.8 - None 97 | [-] CVE-2020-8597 - 9.8 - None 98 | [-] CVE-2020-8112 - 8.8 - None 99 | [-] CVE-2024-32605 - 8.8 - None 100 | [-] CVE-2024-32615 - 9.8 - None 101 | [-] CVE-2024-33877 - 8.8 - None 102 | [-] CVE-2024-29161 - 8.8 - None 103 | [-] CVE-2024-33873 - 8.8 - None 104 | [-] CVE-2023-45853 - 9.8 - None 105 | [-] CVE-2024-29039 - 9.0 - None 106 | [-] CVE-2024-5535 - 9.1 - None 107 | [+] Found 14 vulnerabilites more likely to be exploited 108 | [-] CVE-2024-38023 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38023 109 | [-] CVE-2024-38024 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38024 110 | [-] CVE-2024-38054 -- Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38054 111 | [-] CVE-2024-38059 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38059 112 | [-] CVE-2024-38060 -- Windows Imaging Component Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38060 113 | [-] CVE-2024-38085 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38085 114 | [-] CVE-2024-38100 -- Windows File Explorer Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38100 115 | [-] CVE-2024-38021 -- Microsoft Outlook Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38021 116 | [-] CVE-2024-38052 -- Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38052 117 | [-] CVE-2024-38066 -- Windows Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38066 118 | [-] CVE-2024-38079 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38079 119 | [-] CVE-2024-38094 -- Microsoft SharePoint Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38094 120 | [-] CVE-2024-38099 -- Windows Remote Desktop Licensing Service Denial of Service Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38099 121 | [-] CVE-2024-39684 -- Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-39684 122 | PS D:\Github\SecScripts\Patch Tuesday> python.exe .\patch_review.py 2024-aug 123 | [+] Microsoft Patch Tuesday Stats 124 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 125 | [+] August 2024 Early Security Updates 126 | [+] Found a total of 100 vulnerabilities 127 | [-] 2 Elevation of Privilege Vulnerabilities 128 | [-] 0 Security Feature Bypass Vulnerabilities 129 | [-] 0 Remote Code Execution Vulnerabilities 130 | [-] 1 Information Disclosure Vulnerabilities 131 | [-] 0 Denial of Service Vulnerabilities 132 | [-] 2 Spoofing Vulnerabilities 133 | [-] 11 Edge - Chromium Vulnerabilities 134 | [+] Found 0 exploited in the wild 135 | [+] Highest Rated Vulnerabilities 136 | [-] CVE-2022-36648 - 10.0 - None 137 | [-] CVE-2024-39331 - 9.8 - None 138 | [-] CVE-2024-41110 - 9.9 - None 139 | [-] CVE-2021-3929 - 8.2 - None 140 | [-] CVE-2021-4206 - 8.2 - None 141 | [-] CVE-2021-4207 - 8.2 - None 142 | [-] CVE-2022-35414 - 8.8 - None 143 | [-] CVE-2022-3872 - 8.6 - None 144 | [-] CVE-2023-29404 - 9.8 - None 145 | [-] CVE-2023-29402 - 9.8 - None 146 | [-] CVE-2017-17522 - 8.8 - None 147 | [-] CVE-2024-2398 - 8.6 - None 148 | [-] CVE-2024-6257 - 8.4 - None 149 | [-] CVE-2021-3750 - 8.2 - None 150 | [-] CVE-2024-38428 - 9.1 - None 151 | [-] CVE-2024-38166 - 8.2 - Microsoft Dynamics 365 Cross-site Scripting Vulnerability 152 | [-] CVE-2024-38206 - 8.5 - Microsoft Copilot Studio Information Disclosure Vulnerability 153 | [-] CVE-2024-38218 - 8.4 - Microsoft Edge (HTML-based) Memory Corruption Vulnerability 154 | [+] Found 0 vulnerabilites more likely to be exploited -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-dec.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] December 2024 Security Updates 4 | [+] Found a total of 260 vulnerabilities 5 | [-] 27 Elevation of Privilege Vulnerabilities 6 | [-] 0 Security Feature Bypass Vulnerabilities 7 | [-] 31 Remote Code Execution Vulnerabilities 8 | [-] 7 Information Disclosure Vulnerabilities 9 | [-] 5 Denial of Service Vulnerabilities 10 | [-] 1 Spoofing Vulnerabilities 11 | [-] 2 Edge - Chromium Vulnerabilities 12 | [+] Found 1 exploited in the wild 13 | [-] CVE-2024-49138 - 7.8 - Windows Common Log File System Driver Elevation of Privilege Vulnerability 14 | [+] Highest Rated Vulnerabilities 15 | [-] CVE-2024-38473 - 8.1 - None 16 | [-] CVE-2024-2398 - 8.6 - None 17 | [-] CVE-2024-8932 - 9.8 - None 18 | [-] CVE-2024-11236 - 9.8 - None 19 | [-] CVE-2024-3727 - 8.3 - None 20 | [-] CVE-2023-26484 - 8.2 - None 21 | [-] CVE-2024-48949 - 9.1 - None 22 | [-] CVE-2024-1545 - 8.8 - None 23 | [-] CVE-2024-2881 - 8.8 - None 24 | [-] CVE-2024-11233 - 8.2 - None 25 | [-] CVE-2024-49057 - 8.1 - Microsoft Defender for Endpoint on Android Spoofing Vulnerability 26 | [-] CVE-2024-49068 - 8.2 - Microsoft SharePoint Elevation of Privilege Vulnerability 27 | [-] CVE-2024-49085 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 28 | [-] CVE-2024-49086 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 29 | [-] CVE-2024-49093 - 8.8 - Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability 30 | [-] CVE-2024-49102 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 31 | [-] CVE-2024-49104 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 32 | [-] CVE-2024-49106 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 33 | [-] CVE-2024-49108 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 34 | [-] CVE-2024-49115 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 35 | [-] CVE-2024-49117 - 8.8 - Windows Hyper-V Remote Code Execution Vulnerability 36 | [-] CVE-2024-49119 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 37 | [-] CVE-2024-49120 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 38 | [-] CVE-2024-49122 - 8.1 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability 39 | [-] CVE-2024-49123 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 40 | [-] CVE-2024-49124 - 8.1 - Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability 41 | [-] CVE-2024-49125 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 42 | [-] CVE-2024-49126 - 8.1 - Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability 43 | [-] CVE-2024-49132 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 44 | [-] CVE-2024-49063 - 8.4 - Microsoft/Muzic Remote Code Execution Vulnerability 45 | [-] CVE-2024-49080 - 8.8 - Windows IP Routing Management Snapin Remote Code Execution Vulnerability 46 | [-] CVE-2024-49116 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 47 | [-] CVE-2024-49118 - 8.1 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability 48 | [-] CVE-2024-49127 - 8.1 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability 49 | [-] CVE-2024-49128 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 50 | [-] CVE-2024-49112 - 9.8 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability 51 | [-] CVE-2024-49105 - 8.4 - Remote Desktop Client Remote Code Execution Vulnerability 52 | [+] Found 6 vulnerabilites more likely to be exploited 53 | [-] CVE-2024-49070 -- Microsoft SharePoint Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49070 54 | [-] CVE-2024-49093 -- Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49093 55 | [-] CVE-2024-49122 -- Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49122 56 | [-] CVE-2024-49088 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49088 57 | [-] CVE-2024-49090 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49090 58 | [-] CVE-2024-49114 -- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49114 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-feb.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] February 2024 Security Updates 4 | [+] Found a total of 80 vulnerabilities 5 | [-] 16 Elevation of Privilege Vulnerabilities 6 | [-] 3 Security Feature Bypass Vulnerabilities 7 | [-] 30 Remote Code Execution Vulnerabilities 8 | [-] 5 Information Disclosure Vulnerabilities 9 | [-] 9 Denial of Service Vulnerabilities 10 | [-] 10 Spoofing Vulnerabilities 11 | [-] 6 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2024-21351 - 7.6 - Windows SmartScreen Security Feature Bypass Vulnerability 14 | [-] CVE-2024-21412 - 8.1 - Internet Shortcut Files Security Feature Bypass Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2024-21349 - 8.8 - Microsoft ActiveX Data Objects Remote Code Execution Vulnerability 17 | [-] CVE-2024-21350 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 18 | [-] CVE-2024-21352 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 19 | [-] CVE-2024-21358 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 20 | [-] CVE-2024-21360 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 21 | [-] CVE-2024-21361 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 22 | [-] CVE-2024-21366 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 23 | [-] CVE-2024-21369 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 24 | [-] CVE-2024-21372 - 8.8 - Windows OLE Remote Code Execution Vulnerability 25 | [-] CVE-2024-21375 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 26 | [-] CVE-2024-21401 - 9.8 - Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability 27 | [-] CVE-2024-21413 - 9.8 - Microsoft Outlook Remote Code Execution Vulnerability 28 | [-] CVE-2024-21420 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 29 | [-] CVE-2024-21345 - 8.8 - Windows Kernel Elevation of Privilege Vulnerability 30 | [-] CVE-2024-21353 - 8.8 - Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability 31 | [-] CVE-2024-21359 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 32 | [-] CVE-2024-21364 - 9.3 - Microsoft Azure Site Recovery Elevation of Privilege Vulnerability 33 | [-] CVE-2024-21365 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 34 | [-] CVE-2024-21367 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 35 | [-] CVE-2024-21368 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 36 | [-] CVE-2024-21370 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 37 | [-] CVE-2024-21376 - 9.0 - Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability 38 | [-] CVE-2024-21378 - 8.0 - Microsoft Outlook Remote Code Execution Vulnerability 39 | [-] CVE-2024-21380 - 8.0 - Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability 40 | [-] CVE-2024-21391 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 41 | [-] CVE-2024-21395 - 8.2 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 42 | [-] CVE-2024-21399 - 8.3 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 43 | [-] CVE-2024-21403 - 9.0 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability 44 | [-] CVE-2024-21410 - 9.8 - Microsoft Exchange Server Elevation of Privilege Vulnerability 45 | [-] CVE-2024-21412 - 8.1 - Internet Shortcut Files Security Feature Bypass Vulnerability 46 | [-] CVE-2024-21626 - 8.6 - None 47 | [+] Found 8 vulnerabilites more likely to be exploited 48 | [-] CVE-2024-21338 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21338 49 | [-] CVE-2024-21357 -- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21357 50 | [-] CVE-2024-21371 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21371 51 | [-] CVE-2024-21379 -- Microsoft Word Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21379 52 | [-] CVE-2024-21345 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21345 53 | [-] CVE-2024-21346 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21346 54 | [-] CVE-2024-21378 -- Microsoft Outlook Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21378 55 | [-] CVE-2024-21410 -- Microsoft Exchange Server Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21410 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-jan.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] January 2024 Security Updates 4 | [+] Found a total of 53 vulnerabilities 5 | [-] 10 Elevation of Privilege Vulnerabilities 6 | [-] 7 Security Feature Bypass Vulnerabilities 7 | [-] 12 Remote Code Execution Vulnerabilities 8 | [-] 11 Information Disclosure Vulnerabilities 9 | [-] 6 Denial of Service Vulnerabilities 10 | [-] 3 Spoofing Vulnerabilities 11 | [-] 4 Edge - Chromium Vulnerabilities 12 | [+] Found 0 exploited in the wild 13 | [+] Highest Rated Vulnerabilities 14 | [-] CVE-2024-20674 - 9.0 - Windows Kerberos Security Feature Bypass Vulnerability 15 | [-] CVE-2024-20676 - 8.0 - Azure Storage Mover Remote Code Execution Vulnerability 16 | [-] CVE-2024-20654 - 8.0 - Microsoft ODBC Driver Remote Code Execution Vulnerability 17 | [-] CVE-2024-0056 - 8.7 - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability 18 | [-] CVE-2024-0057 - 9.1 - NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability 19 | [-] CVE-2024-21318 - 8.8 - Microsoft SharePoint Server Remote Code Execution Vulnerability 20 | [+] Found 9 vulnerabilites more likely to be exploited 21 | [-] CVE-2024-20674 -- Windows Kerberos Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-20674 22 | [-] CVE-2024-20683 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-20683 23 | [-] CVE-2024-20698 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-20698 24 | [-] CVE-2024-21307 -- Remote Desktop Client Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21307 25 | [-] CVE-2024-20652 -- Windows HTML Platforms Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-20652 26 | [-] CVE-2024-20653 -- Microsoft Common Log File System Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-20653 27 | [-] CVE-2024-20686 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-20686 28 | [-] CVE-2024-21310 -- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21310 29 | [-] CVE-2024-21318 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21318 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-jul.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] July 2024 Security Updates 4 | [+] Found a total of 155 vulnerabilities 5 | [-] 26 Elevation of Privilege Vulnerabilities 6 | [-] 24 Security Feature Bypass Vulnerabilities 7 | [-] 59 Remote Code Execution Vulnerabilities 8 | [-] 9 Information Disclosure Vulnerabilities 9 | [-] 17 Denial of Service Vulnerabilities 10 | [-] 7 Spoofing Vulnerabilities 11 | [-] 0 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2024-38080 - 7.8 - Windows Hyper-V Elevation of Privilege Vulnerability 14 | [-] CVE-2024-38112 - 7.5 - Windows MSHTML Platform Spoofing Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2017-17522 - 8.8 - None 17 | [-] CVE-2024-21417 - 8.8 - Windows Text Services Framework Elevation of Privilege Vulnerability 18 | [-] CVE-2024-28899 - 8.8 - Secure Boot Security Feature Bypass Vulnerability 19 | [-] CVE-2024-35264 - 8.1 - .NET and Visual Studio Remote Code Execution Vulnerability 20 | [-] CVE-2024-38088 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 21 | [-] CVE-2024-38087 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 22 | [-] CVE-2024-21332 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 23 | [-] CVE-2024-21333 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 24 | [-] CVE-2024-21335 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 25 | [-] CVE-2024-21373 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 26 | [-] CVE-2024-21398 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 27 | [-] CVE-2024-21414 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 28 | [-] CVE-2024-21415 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 29 | [-] CVE-2024-21428 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 30 | [-] CVE-2024-37318 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 31 | [-] CVE-2024-37332 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 32 | [-] CVE-2024-37331 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 33 | [-] CVE-2024-37969 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 34 | [-] CVE-2024-37970 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 35 | [-] CVE-2024-37974 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 36 | [-] CVE-2024-37981 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 37 | [-] CVE-2024-37986 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 38 | [-] CVE-2024-37987 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 39 | [-] CVE-2024-38060 - 8.8 - Windows Imaging Component Remote Code Execution Vulnerability 40 | [-] CVE-2024-38077 - 9.8 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 41 | [-] CVE-2024-38104 - 8.8 - Windows Fax Service Remote Code Execution Vulnerability 42 | [-] CVE-2024-30013 - 8.8 - Windows MultiPoint Services Remote Code Execution Vulnerability 43 | [-] CVE-2024-35271 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 44 | [-] CVE-2024-35272 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 45 | [-] CVE-2024-20701 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 46 | [-] CVE-2024-21303 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 47 | [-] CVE-2024-21308 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 48 | [-] CVE-2024-21317 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 49 | [-] CVE-2024-21331 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 50 | [-] CVE-2024-21425 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 51 | [-] CVE-2024-37319 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 52 | [-] CVE-2024-37320 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 53 | [-] CVE-2024-37321 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 54 | [-] CVE-2024-37322 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 55 | [-] CVE-2024-37323 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 56 | [-] CVE-2024-37324 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 57 | [-] CVE-2024-21449 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 58 | [-] CVE-2024-37326 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 59 | [-] CVE-2024-37327 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 60 | [-] CVE-2024-37328 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 61 | [-] CVE-2024-37329 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 62 | [-] CVE-2024-37330 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 63 | [-] CVE-2024-37334 - 8.8 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 64 | [-] CVE-2024-37333 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 65 | [-] CVE-2024-37336 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 66 | [-] CVE-2024-28928 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 67 | [-] CVE-2024-35256 - 8.8 - SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 68 | [-] CVE-2024-37971 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 69 | [-] CVE-2024-37972 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 70 | [-] CVE-2024-37973 - 8.4 - Secure Boot Security Feature Bypass Vulnerability 71 | [-] CVE-2024-37975 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 72 | [-] CVE-2024-37977 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 73 | [-] CVE-2024-37978 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 74 | [-] CVE-2024-37984 - 8.4 - Secure Boot Security Feature Bypass Vulnerability 75 | [-] CVE-2024-37988 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 76 | [-] CVE-2024-37989 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 77 | [-] CVE-2024-38010 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 78 | [-] CVE-2024-38011 - 8.0 - Secure Boot Security Feature Bypass Vulnerability 79 | [-] CVE-2024-38021 - 8.8 - Microsoft Office Remote Code Execution Vulnerability 80 | [-] CVE-2024-38053 - 8.8 - Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability 81 | [-] CVE-2024-38074 - 9.8 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 82 | [-] CVE-2024-38076 - 9.8 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 83 | [-] CVE-2024-38089 - 9.1 - Microsoft Defender for IoT Elevation of Privilege Vulnerability 84 | [-] CVE-2024-38092 - 8.8 - Azure CycleCloud Elevation of Privilege Vulnerability 85 | [+] Found 14 vulnerabilites more likely to be exploited 86 | [-] CVE-2024-38023 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38023 87 | [-] CVE-2024-38024 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38024 88 | [-] CVE-2024-38054 -- Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38054 89 | [-] CVE-2024-38059 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38059 90 | [-] CVE-2024-38060 -- Windows Imaging Component Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38060 91 | [-] CVE-2024-38085 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38085 92 | [-] CVE-2024-38100 -- Windows File Explorer Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38100 93 | [-] CVE-2024-38021 -- Microsoft Office Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38021 94 | [-] CVE-2024-38052 -- Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38052 95 | [-] CVE-2024-38066 -- Windows Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38066 96 | [-] CVE-2024-38079 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38079 97 | [-] CVE-2024-38094 -- Microsoft SharePoint Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38094 98 | [-] CVE-2024-38099 -- Windows Remote Desktop Licensing Service Denial of Service Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38099 99 | [-] CVE-2024-39684 -- Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-39684 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-jun.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] June 2024 Security Updates 4 | [+] Found a total of 80 vulnerabilities 5 | [-] 25 Elevation of Privilege Vulnerabilities 6 | [-] 0 Security Feature Bypass Vulnerabilities 7 | [-] 18 Remote Code Execution Vulnerabilities 8 | [-] 3 Information Disclosure Vulnerabilities 9 | [-] 5 Denial of Service Vulnerabilities 10 | [-] 2 Spoofing Vulnerabilities 11 | [-] 26 Edge - Chromium Vulnerabilities 12 | [+] Found 0 exploited in the wild 13 | [+] Highest Rated Vulnerabilities 14 | [-] CVE-2024-30074 - 8.0 - Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability 15 | [-] CVE-2024-30075 - 8.0 - Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability 16 | [-] CVE-2024-30077 - 8.0 - Windows OLE Remote Code Execution Vulnerability 17 | [-] CVE-2024-30078 - 8.8 - Windows Wi-Fi Driver Remote Code Execution Vulnerability 18 | [-] CVE-2024-30080 - 9.8 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability 19 | [-] CVE-2024-30064 - 8.8 - Windows Kernel Elevation of Privilege Vulnerability 20 | [-] CVE-2024-30068 - 8.8 - Windows Kernel Elevation of Privilege Vulnerability 21 | [-] CVE-2024-30097 - 8.8 - Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability 22 | [-] CVE-2024-30103 - 8.8 - Microsoft Outlook Remote Code Execution Vulnerability 23 | [-] CVE-2024-35249 - 8.8 - Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability 24 | [-] CVE-2024-37325 - 8.1 - Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability 25 | [+] Found 11 vulnerabilites more likely to be exploited 26 | [-] CVE-2024-30080 -- Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30080 27 | [-] CVE-2024-30082 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30082 28 | [-] CVE-2024-35250 -- Windows Kernel-Mode Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-35250 29 | [-] CVE-2024-30084 -- Windows Kernel-Mode Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30084 30 | [-] CVE-2024-30085 -- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30085 31 | [-] CVE-2024-30086 -- Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30086 32 | [-] CVE-2024-30087 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30087 33 | [-] CVE-2024-30088 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30088 34 | [-] CVE-2024-30089 -- Microsoft Streaming Service Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30089 35 | [-] CVE-2024-30091 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30091 36 | [-] CVE-2024-30099 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30099 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-mar.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] March 2024 Security Updates 4 | [+] Found a total of 64 vulnerabilities 5 | [-] 24 Elevation of Privilege Vulnerabilities 6 | [-] 3 Security Feature Bypass Vulnerabilities 7 | [-] 18 Remote Code Execution Vulnerabilities 8 | [-] 6 Information Disclosure Vulnerabilities 9 | [-] 6 Denial of Service Vulnerabilities 10 | [-] 2 Spoofing Vulnerabilities 11 | [-] 3 Edge - Chromium Vulnerabilities 12 | [+] Found 0 exploited in the wild 13 | [+] Highest Rated Vulnerabilities 14 | [-] CVE-2024-21411 - 8.8 - Skype for Consumer Remote Code Execution Vulnerability 15 | [-] CVE-2024-21441 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 16 | [-] CVE-2024-21444 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 17 | [-] CVE-2024-21450 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 18 | [-] CVE-2024-21451 - 8.8 - Microsoft ODBC Driver Remote Code Execution Vulnerability 19 | [-] CVE-2024-26159 - 8.8 - Microsoft ODBC Driver Remote Code Execution Vulnerability 20 | [-] CVE-2024-26198 - 8.8 - Microsoft Exchange Server Remote Code Execution Vulnerability 21 | [-] CVE-2024-26161 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 22 | [-] CVE-2024-26164 - 8.8 - Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability 23 | [-] CVE-2024-21334 - 9.8 - Open Management Infrastructure (OMI) Remote Code Execution Vulnerability 24 | [-] CVE-2024-21400 - 9.0 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability 25 | [-] CVE-2024-21407 - 8.1 - Windows Hyper-V Remote Code Execution Vulnerability 26 | [-] CVE-2024-21435 - 8.8 - Windows OLE Remote Code Execution Vulnerability 27 | [-] CVE-2024-21440 - 8.8 - Microsoft ODBC Driver Remote Code Execution Vulnerability 28 | [-] CVE-2024-26162 - 8.8 - Microsoft ODBC Driver Remote Code Execution Vulnerability 29 | [-] CVE-2024-26166 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 30 | [-] CVE-2024-26165 - 8.8 - Visual Studio Code Elevation of Privilege Vulnerability 31 | [+] Found 6 vulnerabilites more likely to be exploited 32 | [-] CVE-2024-21433 -- Windows Print Spooler Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21433 33 | [-] CVE-2024-21437 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-21437 34 | [-] CVE-2024-26160 -- Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26160 35 | [-] CVE-2024-26170 -- Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26170 36 | [-] CVE-2024-26182 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26182 37 | [-] CVE-2024-26185 -- Windows Compressed Folder Tampering Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-26185 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-may.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] May 2024 Security Updates 4 | [+] Found a total of 68 vulnerabilities 5 | [-] 17 Elevation of Privilege Vulnerabilities 6 | [-] 2 Security Feature Bypass Vulnerabilities 7 | [-] 27 Remote Code Execution Vulnerabilities 8 | [-] 7 Information Disclosure Vulnerabilities 9 | [-] 3 Denial of Service Vulnerabilities 10 | [-] 4 Spoofing Vulnerabilities 11 | [-] 7 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2024-30040 - 8.8 - Windows MSHTML Platform Security Feature Bypass Vulnerability 14 | [-] CVE-2024-30051 - 7.8 - Windows DWM Core Library Elevation of Privilege Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2024-32002 - 9.0 - GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution 17 | [-] CVE-2024-30006 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 18 | [-] CVE-2024-30007 - 8.8 - Microsoft Brokering File System Elevation of Privilege Vulnerability 19 | [-] CVE-2024-30009 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 20 | [-] CVE-2024-30010 - 8.8 - Windows Hyper-V Remote Code Execution Vulnerability 21 | [-] CVE-2024-30017 - 8.8 - Windows Hyper-V Remote Code Execution Vulnerability 22 | [-] CVE-2024-30020 - 8.1 - Windows Cryptographic Services Remote Code Execution Vulnerability 23 | [-] CVE-2024-30040 - 8.8 - Windows MSHTML Platform Security Feature Bypass Vulnerability 24 | [-] CVE-2024-32004 - 8.1 - GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories 25 | [+] Found 10 vulnerabilites more likely to be exploited 26 | [-] CVE-2024-29996 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-29996 27 | [-] CVE-2024-30044 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30044 28 | [-] CVE-2024-30050 -- Windows Mark of the Web Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30050 29 | [-] CVE-2024-30025 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30025 30 | [-] CVE-2024-30032 -- Windows DWM Core Library Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30032 31 | [-] CVE-2024-30034 -- Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30034 32 | [-] CVE-2024-30035 -- Windows DWM Core Library Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30035 33 | [-] CVE-2024-30037 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30037 34 | [-] CVE-2024-30038 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30038 35 | [-] CVE-2024-30049 -- Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-30049 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-nov.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] November 2024 Security Updates 4 | [+] Found a total of 468 vulnerabilities 5 | [-] 29 Elevation of Privilege Vulnerabilities 6 | [-] 2 Security Feature Bypass Vulnerabilities 7 | [-] 53 Remote Code Execution Vulnerabilities 8 | [-] 1 Information Disclosure Vulnerabilities 9 | [-] 4 Denial of Service Vulnerabilities 10 | [-] 3 Spoofing Vulnerabilities 11 | [-] 13 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2024-43451 - 6.5 - NTLM Hash Disclosure Spoofing Vulnerability 14 | [-] CVE-2024-49039 - 8.8 - Windows Task Scheduler Elevation of Privilege Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2024-47685 - 9.1 - None 17 | [-] CVE-2024-2398 - 8.6 - None 18 | [-] CVE-2024-5187 - 8.8 - None 19 | [-] CVE-2024-52533 - 9.8 - None 20 | [-] CVE-2024-4323 - 9.8 - None 21 | [-] CVE-2024-8926 - 8.8 - None 22 | [-] CVE-2024-52531 - 8.4 - None 23 | [-] CVE-2024-43602 - 9.9 - Azure CycleCloud Remote Code Execution Vulnerability 24 | [-] CVE-2024-43625 - 8.1 - Microsoft Windows VMSwitch Elevation of Privilege Vulnerability 25 | [-] CVE-2024-43627 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 26 | [-] CVE-2024-43628 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 27 | [-] CVE-2024-43447 - 8.1 - Windows SMBv3 Server Remote Code Execution Vulnerability 28 | [-] CVE-2024-38255 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 29 | [-] CVE-2024-43459 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 30 | [-] CVE-2024-43462 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 31 | [-] CVE-2024-48994 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 32 | [-] CVE-2024-48995 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 33 | [-] CVE-2024-48996 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 34 | [-] CVE-2024-5535 - 9.1 - OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread 35 | [-] CVE-2024-43598 - 8.1 - LightGBM Remote Code Execution Vulnerability 36 | [-] CVE-2024-43498 - 9.8 - .NET and Visual Studio Remote Code Execution Vulnerability 37 | [-] CVE-2024-43620 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 38 | [-] CVE-2024-43621 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 39 | [-] CVE-2024-43622 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 40 | [-] CVE-2024-43624 - 8.8 - Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability 41 | [-] CVE-2024-43635 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 42 | [-] CVE-2024-43639 - 9.8 - Windows KDC Proxy Remote Code Execution Vulnerability 43 | [-] CVE-2024-48993 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 44 | [-] CVE-2024-48997 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 45 | [-] CVE-2024-48998 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 46 | [-] CVE-2024-48999 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 47 | [-] CVE-2024-49000 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 48 | [-] CVE-2024-49001 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 49 | [-] CVE-2024-49002 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 50 | [-] CVE-2024-49003 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 51 | [-] CVE-2024-49004 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 52 | [-] CVE-2024-49005 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 53 | [-] CVE-2024-49007 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 54 | [-] CVE-2024-49006 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 55 | [-] CVE-2024-49008 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 56 | [-] CVE-2024-49009 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 57 | [-] CVE-2024-49010 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 58 | [-] CVE-2024-49011 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 59 | [-] CVE-2024-49012 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 60 | [-] CVE-2024-49013 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 61 | [-] CVE-2024-49014 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 62 | [-] CVE-2024-49015 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 63 | [-] CVE-2024-49016 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 64 | [-] CVE-2024-49017 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 65 | [-] CVE-2024-49018 - 8.8 - SQL Server Native Client Remote Code Execution Vulnerability 66 | [-] CVE-2024-49039 - 8.8 - Windows Task Scheduler Elevation of Privilege Vulnerability 67 | [-] CVE-2024-49048 - 8.1 - TorchGeo Remote Code Execution Vulnerability 68 | [-] CVE-2024-49050 - 8.8 - Visual Studio Code Python Extension Remote Code Execution Vulnerability 69 | [-] CVE-2024-49060 - 8.8 - Azure Stack HCI Elevation of Privilege Vulnerability 70 | [+] Found 9 vulnerabilites more likely to be exploited 71 | [-] CVE-2024-43623 -- Windows NT OS Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43623 72 | [-] CVE-2024-43630 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43630 73 | [-] CVE-2024-49040 -- Microsoft Exchange Server Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49040 74 | [-] CVE-2024-43629 -- Windows DWM Core Library Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43629 75 | [-] CVE-2024-43636 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43636 76 | [-] CVE-2024-43642 -- Windows SMB Denial of Service Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43642 77 | [-] CVE-2024-49019 -- Active Directory Certificate Services Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49019 78 | [-] CVE-2024-49033 -- Microsoft Word Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49033 79 | [-] CVE-2024-49060 -- Azure Stack HCI Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-49060 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-oct.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] October 2024 Security Updates 4 | [+] Found a total of 165 vulnerabilities 5 | [-] 28 Elevation of Privilege Vulnerabilities 6 | [-] 7 Security Feature Bypass Vulnerabilities 7 | [-] 43 Remote Code Execution Vulnerabilities 8 | [-] 6 Information Disclosure Vulnerabilities 9 | [-] 26 Denial of Service Vulnerabilities 10 | [-] 7 Spoofing Vulnerabilities 11 | [-] 3 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2024-43573 - 6.5 - Windows MSHTML Platform Spoofing Vulnerability 14 | [-] CVE-2024-43572 - 7.8 - Microsoft Management Console Remote Code Execution Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2024-38179 - 8.8 - Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability 17 | [-] CVE-2024-38229 - 8.1 - .NET and Visual Studio Remote Code Execution Vulnerability 18 | [-] CVE-2024-43518 - 8.8 - Windows Telephony Server Remote Code Execution Vulnerability 19 | [-] CVE-2024-43519 - 8.8 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 20 | [-] CVE-2024-43532 - 8.8 - Remote Registry Service Elevation of Privilege Vulnerability 21 | [-] CVE-2024-43533 - 8.8 - Remote Desktop Client Remote Code Execution Vulnerability 22 | [-] CVE-2024-6197 - 8.8 - Open Source Curl Remote Code Execution Vulnerability 23 | [-] CVE-2024-43608 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 24 | [-] CVE-2024-43607 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 25 | [-] CVE-2024-38124 - 9.0 - Windows Netlogon Elevation of Privilege Vulnerability 26 | [-] CVE-2024-38265 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 27 | [-] CVE-2024-43453 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 28 | [-] CVE-2024-38212 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 29 | [-] CVE-2024-30092 - 8.0 - Windows Hyper-V Remote Code Execution Vulnerability 30 | [-] CVE-2024-43497 - 8.4 - DeepSpeed Remote Code Execution Vulnerability 31 | [-] CVE-2024-43468 - 9.8 - Microsoft Configuration Manager Remote Code Execution Vulnerability 32 | [-] CVE-2024-43517 - 8.8 - Microsoft ActiveX Data Objects Remote Code Execution Vulnerability 33 | [-] CVE-2024-43549 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 34 | [-] CVE-2024-43564 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 35 | [-] CVE-2024-43574 - 8.3 - Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability 36 | [-] CVE-2024-43582 - 8.1 - Remote Desktop Protocol Server Remote Code Execution Vulnerability 37 | [-] CVE-2024-43589 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 38 | [-] CVE-2024-43591 - 8.7 - Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability 39 | [-] CVE-2024-43592 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 40 | [-] CVE-2024-43593 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 41 | [-] CVE-2024-43599 - 8.8 - Remote Desktop Client Remote Code Execution Vulnerability 42 | [-] CVE-2024-43611 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 43 | [-] CVE-2024-43488 - 8.8 - Visual Studio Code extension for Arduino Remote Code Execution Vulnerability 44 | [-] CVE-2017-17522 - 8.8 - None 45 | [-] CVE-2024-2398 - 8.6 - None 46 | [-] CVE-2023-29402 - 9.8 - None 47 | [-] CVE-2023-29404 - 9.8 - None 48 | [+] Found 8 vulnerabilites more likely to be exploited 49 | [-] CVE-2024-43502 -- Windows Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43502 50 | [-] CVE-2024-43581 -- Microsoft OpenSSH for Windows Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43581 51 | [-] CVE-2024-43609 -- Microsoft Office Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43609 52 | [-] CVE-2024-43615 -- Microsoft OpenSSH for Windows Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43615 53 | [-] CVE-2024-43509 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43509 54 | [-] CVE-2024-43556 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43556 55 | [-] CVE-2024-43560 -- Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43560 56 | [-] CVE-2024-43583 -- Winlogon Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43583 -------------------------------------------------------------------------------- /Patch Tuesday/History/2024-sep.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] September 2024 Security Updates 4 | [+] Found a total of 529 vulnerabilities 5 | [-] 32 Elevation of Privilege Vulnerabilities 6 | [-] 4 Security Feature Bypass Vulnerabilities 7 | [-] 23 Remote Code Execution Vulnerabilities 8 | [-] 11 Information Disclosure Vulnerabilities 9 | [-] 8 Denial of Service Vulnerabilities 10 | [-] 3 Spoofing Vulnerabilities 11 | [-] 9 Edge - Chromium Vulnerabilities 12 | [+] Found 5 exploited in the wild 13 | [-] CVE-2024-38014 - 7.8 - Windows Installer Elevation of Privilege Vulnerability 14 | [-] CVE-2024-38217 - 5.4 - Windows Mark of the Web Security Feature Bypass Vulnerability 15 | [-] CVE-2024-38226 - 7.3 - Microsoft Publisher Security Feature Bypass Vulnerability 16 | [-] CVE-2024-43461 - 8.8 - Windows MSHTML Platform Spoofing Vulnerability 17 | [-] CVE-2024-43491 - 9.8 - Microsoft Windows Update Remote Code Execution Vulnerability 18 | [+] Highest Rated Vulnerabilities 19 | [-] CVE-2017-17522 - 8.8 - None 20 | [-] CVE-2022-37434 - 9.8 - None 21 | [-] CVE-2023-45853 - 9.8 - None 22 | [-] CVE-2024-2398 - 8.6 - None 23 | [-] CVE-2022-1292 - 9.8 - None 24 | [-] CVE-2022-1996 - 9.1 - None 25 | [-] CVE-2024-41110 - 9.9 - None 26 | [-] CVE-2023-43804 - 8.1 - None 27 | [-] CVE-2024-5535 - 9.1 - None 28 | [-] CVE-2022-23806 - 9.1 - None 29 | [-] CVE-2024-41671 - 8.3 - None 30 | [-] CVE-2021-3750 - 8.2 - None 31 | [-] CVE-2021-4206 - 8.2 - None 32 | [-] CVE-2021-4207 - 8.2 - None 33 | [-] CVE-2022-35414 - 8.8 - None 34 | [-] CVE-2022-36648 - 10.0 - None 35 | [-] CVE-2022-23639 - 8.1 - None 36 | [-] CVE-2024-37371 - 9.1 - None 37 | [-] CVE-2024-24474 - 8.8 - None 38 | [-] CVE-2024-27053 - 9.1 - None 39 | [-] CVE-2022-46146 - 8.8 - None 40 | [-] CVE-2022-31627 - 9.8 - None 41 | [-] CVE-2022-46175 - 8.8 - None 42 | [-] CVE-2021-32714 - 9.1 - None 43 | [-] CVE-2024-45490 - 9.8 - None 44 | [-] CVE-2024-45492 - 9.8 - None 45 | [-] CVE-2024-39331 - 9.8 - None 46 | [-] CVE-2024-3727 - 8.3 - None 47 | [-] CVE-2021-3929 - 8.2 - None 48 | [-] CVE-2022-3872 - 8.6 - None 49 | [-] CVE-2024-27322 - 8.8 - None 50 | [-] CVE-2024-42461 - 9.1 - None 51 | [-] CVE-2023-26484 - 8.2 - None 52 | [-] CVE-2020-25576 - 9.8 - None 53 | [-] CVE-2024-37407 - 9.1 - None 54 | [-] CVE-2024-1753 - 8.6 - None 55 | [-] CVE-2021-45707 - 9.8 - None 56 | [-] CVE-2017-14623 - 8.1 - None 57 | [-] CVE-2024-45491 - 9.8 - None 58 | [-] CVE-2024-37338 - 8.8 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability 59 | [-] CVE-2024-37335 - 8.8 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability 60 | [-] CVE-2024-37340 - 8.8 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability 61 | [-] CVE-2024-37339 - 8.8 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability 62 | [-] CVE-2024-26186 - 8.8 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability 63 | [-] CVE-2024-26191 - 8.8 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability 64 | [-] CVE-2024-38018 - 8.8 - Microsoft SharePoint Server Remote Code Execution Vulnerability 65 | [-] CVE-2024-38216 - 8.2 - Azure Stack Hub Elevation of Privilege Vulnerability 66 | [-] CVE-2024-38220 - 9.0 - Azure Stack Hub Elevation of Privilege Vulnerability 67 | [-] CVE-2024-38240 - 8.1 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability 68 | [-] CVE-2024-37965 - 8.8 - Microsoft SQL Server Elevation of Privilege Vulnerability 69 | [-] CVE-2024-37341 - 8.8 - Microsoft SQL Server Elevation of Privilege Vulnerability 70 | [-] CVE-2024-38225 - 8.8 - Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability 71 | [-] CVE-2024-38259 - 8.8 - Microsoft Management Console Remote Code Execution Vulnerability 72 | [-] CVE-2024-38260 - 8.8 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 73 | [-] CVE-2024-21416 - 8.1 - Windows TCP/IP Remote Code Execution Vulnerability 74 | [-] CVE-2024-38045 - 8.1 - Windows TCP/IP Remote Code Execution Vulnerability 75 | [-] CVE-2024-43455 - 8.8 - Windows Remote Desktop Licensing Service Spoofing Vulnerability 76 | [-] CVE-2024-43461 - 8.8 - Windows MSHTML Platform Spoofing Vulnerability 77 | [-] CVE-2024-43469 - 8.8 - Azure CycleCloud Remote Code Execution Vulnerability 78 | [-] CVE-2024-43479 - 8.5 - Microsoft Power Automate Desktop Remote Code Execution Vulnerability 79 | [-] CVE-2024-43491 - 9.8 - Microsoft Windows Update Remote Code Execution Vulnerability 80 | [-] CVE-2024-38194 - 8.4 - Azure Web Apps Elevation of Privilege Vulnerability 81 | [-] CVE-2024-38183 - 8.8 - GroupMe Elevation of Privilege Vulnerability 82 | [-] CVE-2024-43460 - 8.1 - Dynamics 365 Business Central Elevation of Privilege Vulnerability 83 | [-] CVE-2024-37980 - 8.8 - Microsoft SQL Server Elevation of Privilege Vulnerability 84 | [+] Found 18 vulnerabilites more likely to be exploited 85 | [-] CVE-2024-38018 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38018 86 | [-] CVE-2024-38241 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38241 87 | [-] CVE-2024-38242 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38242 88 | [-] CVE-2024-38249 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38249 89 | [-] CVE-2024-38252 -- Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38252 90 | [-] CVE-2024-38253 -- Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38253 91 | [-] CVE-2024-43464 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43464 92 | [-] CVE-2024-38227 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38227 93 | [-] CVE-2024-38228 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38228 94 | [-] CVE-2024-38237 -- Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38237 95 | [-] CVE-2024-38238 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38238 96 | [-] CVE-2024-38243 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38243 97 | [-] CVE-2024-38244 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38244 98 | [-] CVE-2024-38245 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38245 99 | [-] CVE-2024-38246 -- Win32k Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38246 100 | [-] CVE-2024-38247 -- Windows Graphics Component Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-38247 101 | [-] CVE-2024-43457 -- Windows Setup and Deployment Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43457 102 | [-] CVE-2024-43487 -- Windows Mark of the Web Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-43487 -------------------------------------------------------------------------------- /Patch Tuesday/History/2025-apr.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] April 2025 Security Updates 4 | [+] Found a total of 202 vulnerabilities 5 | [-] 49 Elevation of Privilege Vulnerabilities 6 | [-] 9 Security Feature Bypass Vulnerabilities 7 | [-] 31 Remote Code Execution Vulnerabilities 8 | [-] 17 Information Disclosure Vulnerabilities 9 | [-] 14 Denial of Service Vulnerabilities 10 | [-] 3 Spoofing Vulnerabilities 11 | [-] 11 Edge - Chromium Vulnerabilities 12 | [+] Found 1 exploited in the wild 13 | [-] CVE-2025-29824 - 7.8 - Windows Common Log File System Driver Elevation of Privilege Vulnerability 14 | [+] Highest Rated Vulnerabilities 15 | [-] CVE-2025-26663 - 8.1 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability 16 | [-] CVE-2025-26669 - 8.8 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 17 | [-] CVE-2025-27477 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 18 | [-] CVE-2025-27740 - 8.8 - Active Directory Certificate Services Elevation of Privilege Vulnerability 19 | [-] CVE-2025-29794 - 8.8 - Microsoft SharePoint Remote Code Execution Vulnerability 20 | [-] CVE-2025-21205 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 21 | [-] CVE-2025-21221 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 22 | [-] CVE-2025-21222 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 23 | [-] CVE-2025-25000 - 8.8 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 24 | [-] CVE-2025-26647 - 8.1 - Windows Kerberos Elevation of Privilege Vulnerability 25 | [-] CVE-2025-26670 - 8.1 - Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability 26 | [-] CVE-2025-26671 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 27 | [-] CVE-2025-26678 - 8.4 - Windows Defender Application Control Security Feature Bypass Vulnerability 28 | [-] CVE-2025-27480 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 29 | [-] CVE-2025-27481 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 30 | [-] CVE-2025-27482 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 31 | [-] CVE-2025-27487 - 8.0 - Remote Desktop Client Remote Code Execution Vulnerability 32 | [-] CVE-2025-27737 - 8.6 - Windows Security Zone Mapping Security Feature Bypass Vulnerability 33 | [-] CVE-2017-17522 - 8.8 - None 34 | [-] CVE-2024-3727 - 8.3 - None 35 | [-] CVE-2024-21896 - 9.8 - None 36 | [-] CVE-2007-4559 - 9.8 - None 37 | [-] CVE-2024-52338 - 9.8 - None 38 | [-] CVE-2024-45337 - 9.1 - None 39 | [-] CVE-2024-7776 - 9.1 - None 40 | [+] Found 11 vulnerabilites more likely to be exploited 41 | [-] CVE-2025-26663 -- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-26663 42 | [-] CVE-2025-27472 -- Windows Mark of the Web Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-27472 43 | [-] CVE-2025-29793 -- Microsoft SharePoint Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29793 44 | [-] CVE-2025-29792 -- Microsoft Office Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29792 45 | [-] CVE-2025-29794 -- Microsoft SharePoint Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29794 46 | [-] CVE-2025-26670 -- Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-26670 47 | [-] CVE-2025-27480 -- Windows Remote Desktop Services Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-27480 48 | [-] CVE-2025-27482 -- Windows Remote Desktop Services Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-27482 49 | [-] CVE-2025-27727 -- Windows Installer Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-27727 50 | [-] CVE-2025-29809 -- Windows Kerberos Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29809 51 | [-] CVE-2025-29812 -- DirectX Graphics Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29812 -------------------------------------------------------------------------------- /Patch Tuesday/History/2025-feb.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] February 2025 Security Updates 4 | [+] Found a total of 141 vulnerabilities 5 | [-] 20 Elevation of Privilege Vulnerabilities 6 | [-] 2 Security Feature Bypass Vulnerabilities 7 | [-] 22 Remote Code Execution Vulnerabilities 8 | [-] 1 Information Disclosure Vulnerabilities 9 | [-] 9 Denial of Service Vulnerabilities 10 | [-] 3 Spoofing Vulnerabilities 11 | [-] 9 Edge - Chromium Vulnerabilities 12 | [+] Found 2 exploited in the wild 13 | [-] CVE-2025-21391 - 7.1 - Windows Storage Elevation of Privilege Vulnerability 14 | [-] CVE-2025-21418 - 7.8 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 15 | [+] Highest Rated Vulnerabilities 16 | [-] CVE-2025-21368 - 8.8 - Microsoft Digest Authentication Remote Code Execution Vulnerability 17 | [-] CVE-2025-21369 - 8.8 - Microsoft Digest Authentication Remote Code Execution Vulnerability 18 | [-] CVE-2025-21376 - 8.1 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability 19 | [-] CVE-2025-21177 - 8.7 - Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability 20 | [-] CVE-2025-21342 - 8.8 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 21 | [-] CVE-2025-21408 - 8.8 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 22 | [-] CVE-2025-21208 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 23 | [-] CVE-2025-21406 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 24 | [-] CVE-2025-21407 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 25 | [-] CVE-2025-21410 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 26 | [-] CVE-2025-21190 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 27 | [-] CVE-2025-21200 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 28 | [-] CVE-2025-21201 - 8.8 - Windows Telephony Server Remote Code Execution Vulnerability 29 | [-] CVE-2025-21371 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 30 | [-] CVE-2025-21400 - 8.0 - Microsoft SharePoint Server Remote Code Execution Vulnerability 31 | [-] CVE-2017-17522 - 8.8 - None 32 | [-] CVE-2024-4323 - 9.8 - None 33 | [-] CVE-2023-45853 - 9.8 - None 34 | [-] CVE-2024-3727 - 8.3 - None 35 | [-] CVE-2022-49043 - 8.1 - None 36 | [-] CVE-2007-4559 - 9.8 - None 37 | [-] CVE-2024-52338 - 9.8 - None 38 | [-] CVE-2013-2094 - 8.4 - None 39 | [-] CVE-2022-23901 - 9.8 - None 40 | [-] CVE-2025-21198 - 9.0 - Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability 41 | [+] Found 9 vulnerabilites more likely to be exploited 42 | [-] CVE-2025-21376 -- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21376 43 | [-] CVE-2025-21419 -- Windows Setup Files Cleanup Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21419 44 | [-] CVE-2025-21420 -- Windows Disk Cleanup Tool Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21420 45 | [-] CVE-2025-21358 -- Windows Core Messaging Elevation of Privileges Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21358 46 | [-] CVE-2025-21367 -- Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21367 47 | [-] CVE-2025-21377 -- NTLM Hash Disclosure Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21377 48 | [-] CVE-2025-21400 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21400 49 | [-] CVE-2025-21184 -- Windows Core Messaging Elevation of Privileges Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21184 50 | [-] CVE-2025-21414 -- Windows Core Messaging Elevation of Privileges Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21414 -------------------------------------------------------------------------------- /Patch Tuesday/History/2025-jan.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] January 2025 Security Updates 4 | [+] Found a total of 211 vulnerabilities 5 | [-] 41 Elevation of Privilege Vulnerabilities 6 | [-] 14 Security Feature Bypass Vulnerabilities 7 | [-] 58 Remote Code Execution Vulnerabilities 8 | [-] 24 Information Disclosure Vulnerabilities 9 | [-] 20 Denial of Service Vulnerabilities 10 | [-] 5 Spoofing Vulnerabilities 11 | [-] 1 Edge - Chromium Vulnerabilities 12 | [+] Found 3 exploited in the wild 13 | [-] CVE-2025-21333 - 7.8 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability 14 | [-] CVE-2025-21334 - 7.8 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability 15 | [-] CVE-2025-21335 - 7.8 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability 16 | [+] Highest Rated Vulnerabilities 17 | [-] CVE-2025-21411 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 18 | [-] CVE-2025-21413 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 19 | [-] CVE-2025-21233 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 20 | [-] CVE-2025-21236 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 21 | [-] CVE-2025-21237 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 22 | [-] CVE-2025-21239 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 23 | [-] CVE-2025-21241 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 24 | [-] CVE-2025-21243 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 25 | [-] CVE-2025-21244 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 26 | [-] CVE-2025-21248 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 27 | [-] CVE-2025-21252 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 28 | [-] CVE-2025-21266 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 29 | [-] CVE-2025-21282 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 30 | [-] CVE-2025-21291 - 8.8 - Windows Direct Show Remote Code Execution Vulnerability 31 | [-] CVE-2025-21293 - 8.8 - Active Directory Domain Services Elevation of Privilege Vulnerability 32 | [-] CVE-2025-21294 - 8.1 - Microsoft Digest Authentication Remote Code Execution Vulnerability 33 | [-] CVE-2025-21295 - 8.1 - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability 34 | [-] CVE-2025-21297 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 35 | [-] CVE-2025-21298 - 9.8 - Windows OLE Remote Code Execution Vulnerability 36 | [-] CVE-2025-21302 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 37 | [-] CVE-2025-21303 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 38 | [-] CVE-2025-21306 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 39 | [-] CVE-2025-21309 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 40 | [-] CVE-2025-21176 - 8.8 - .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability 41 | [-] CVE-2025-21178 - 8.8 - Visual Studio Remote Code Execution Vulnerability 42 | [-] CVE-2025-21224 - 8.1 - Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability 43 | [-] CVE-2025-21273 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 44 | [-] CVE-2025-21286 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 45 | [-] CVE-2025-21292 - 8.8 - Windows Search Service Elevation of Privilege Vulnerability 46 | [-] CVE-2025-21305 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 47 | [-] CVE-2025-21307 - 9.8 - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability 48 | [-] CVE-2025-21339 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 49 | [-] CVE-2025-21380 - 8.8 - Azure Marketplace SaaS Resources Information Disclosure Vulnerability 50 | [-] CVE-2025-21385 - 8.8 - Microsoft Purview Information Disclosure Vulnerability 51 | [-] CVE-2025-21311 - 9.8 - Windows NTLM V1 Elevation of Privilege Vulnerability 52 | [-] CVE-2025-21246 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 53 | [-] CVE-2025-21417 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 54 | [-] CVE-2025-21250 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 55 | [-] CVE-2025-21240 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 56 | [-] CVE-2025-21238 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 57 | [-] CVE-2025-21223 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 58 | [-] CVE-2025-21409 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 59 | [-] CVE-2025-21245 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 60 | [-] CVE-2017-17522 - 8.8 - None 61 | [-] CVE-2024-3727 - 8.3 - None 62 | [-] CVE-2024-52338 - 9.8 - None 63 | [-] CVE-2024-45337 - 9.1 - None 64 | [-] CVE-2025-21362 - 8.4 - Microsoft Excel Remote Code Execution Vulnerability 65 | [-] CVE-2025-21354 - 8.4 - Microsoft Excel Remote Code Execution Vulnerability 66 | [+] Found 17 vulnerabilites more likely to be exploited 67 | [-] CVE-2025-21210 -- Windows BitLocker Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21210 68 | [-] CVE-2025-21268 -- MapUrlToZone Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21268 69 | [-] CVE-2025-21269 -- Windows HTML Platforms Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21269 70 | [-] CVE-2025-21298 -- Windows OLE Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21298 71 | [-] CVE-2025-21299 -- Windows Kerberos Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21299 72 | [-] CVE-2025-21309 -- Windows Remote Desktop Services Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21309 73 | [-] CVE-2025-21314 -- Windows SmartScreen Spoofing Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21314 74 | [-] CVE-2025-21315 -- Microsoft Brokering File System Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21315 75 | [-] CVE-2025-21364 -- Microsoft Excel Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21364 76 | [-] CVE-2025-21365 -- Microsoft Office Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21365 77 | [-] CVE-2025-21219 -- MapUrlToZone Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21219 78 | [-] CVE-2025-21329 -- MapUrlToZone Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21329 79 | [-] CVE-2025-21328 -- MapUrlToZone Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21328 80 | [-] CVE-2025-21189 -- MapUrlToZone Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21189 81 | [-] CVE-2025-21292 -- Windows Search Service Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21292 82 | [-] CVE-2025-21362 -- Microsoft Excel Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21362 83 | [-] CVE-2025-21354 -- Microsoft Excel Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21354 -------------------------------------------------------------------------------- /Patch Tuesday/History/2025-mar.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] March 2025 Security Updates 4 | [+] Found a total of 477 vulnerabilities 5 | [-] 24 Elevation of Privilege Vulnerabilities 6 | [-] 3 Security Feature Bypass Vulnerabilities 7 | [-] 23 Remote Code Execution Vulnerabilities 8 | [-] 4 Information Disclosure Vulnerabilities 9 | [-] 1 Denial of Service Vulnerabilities 10 | [-] 3 Spoofing Vulnerabilities 11 | [-] 15 Edge - Chromium Vulnerabilities 12 | [+] Found 6 exploited in the wild 13 | [-] CVE-2025-24983 - 7.0 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability 14 | [-] CVE-2025-24984 - 4.6 - Windows NTFS Information Disclosure Vulnerability 15 | [-] CVE-2025-24985 - 7.8 - Windows Fast FAT File System Driver Remote Code Execution Vulnerability 16 | [-] CVE-2025-24991 - 5.5 - Windows NTFS Information Disclosure Vulnerability 17 | [-] CVE-2025-24993 - 7.8 - Windows NTFS Remote Code Execution Vulnerability 18 | [-] CVE-2025-26633 - 7.0 - Microsoft Management Console Security Feature Bypass Vulnerability 19 | [+] Highest Rated Vulnerabilities 20 | [-] CVE-2024-52338 - 9.8 - None 21 | [-] CVE-2024-3727 - 8.3 - None 22 | [-] CVE-2017-17522 - 8.8 - None 23 | [-] CVE-2007-4559 - 9.8 - None 24 | [-] CVE-2024-45337 - 9.1 - None 25 | [-] CVE-2024-36623 - 8.1 - None 26 | [-] CVE-2024-45492 - 9.8 - None 27 | [-] CVE-2016-9840 - 8.8 - None 28 | [-] CVE-2016-9841 - 9.8 - None 29 | [-] CVE-2016-9842 - 8.8 - None 30 | [-] CVE-2016-9843 - 9.8 - None 31 | [-] CVE-2023-25564 - 8.2 - None 32 | [-] CVE-2025-23359 - 8.3 - None 33 | [-] CVE-2024-45491 - 9.8 - None 34 | [-] CVE-2023-44398 - 8.8 - None 35 | [-] CVE-2017-12652 - 9.8 - None 36 | [-] CVE-2018-7263 - 9.8 - None 37 | [-] CVE-2023-39976 - 9.8 - None 38 | [-] CVE-2022-26592 - 8.8 - None 39 | [-] CVE-2022-37434 - 9.8 - None 40 | [-] CVE-2024-34402 - 8.6 - None 41 | [-] CVE-2025-27363 - 8.1 - None 42 | [-] CVE-2025-24035 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 43 | [-] CVE-2025-24045 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability 44 | [-] CVE-2025-24051 - 8.8 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 45 | [-] CVE-2025-24056 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability 46 | [-] CVE-2025-24064 - 8.1 - Windows Domain Name Service Remote Code Execution Vulnerability 47 | [-] CVE-2025-24049 - 8.4 - Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability 48 | [-] CVE-2025-26645 - 8.8 - Remote Desktop Client Remote Code Execution Vulnerability 49 | [-] CVE-2025-24084 - 8.4 - Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability 50 | [+] Found 11 vulnerabilites more likely to be exploited 51 | [-] CVE-2025-24035 -- Windows Remote Desktop Services Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24035 52 | [-] CVE-2024-9157 -- Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability - https://www.cve.org/CVERecord?id=CVE-2024-9157 53 | [-] CVE-2025-24044 -- Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24044 54 | [-] CVE-2025-21180 -- Windows exFAT File System Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21180 55 | [-] CVE-2025-24995 -- Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24995 56 | [-] CVE-2025-21247 -- MapUrlToZone Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-21247 57 | [-] CVE-2025-24045 -- Windows Remote Desktop Services Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24045 58 | [-] CVE-2025-24061 -- Windows Mark of the Web Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24061 59 | [-] CVE-2025-24066 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24066 60 | [-] CVE-2025-24067 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24067 61 | [-] CVE-2025-24992 -- Windows NTFS Information Disclosure Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24992 -------------------------------------------------------------------------------- /Patch Tuesday/History/2025-may.txt: -------------------------------------------------------------------------------- 1 | [+] Microsoft Patch Tuesday Stats 2 | [+] https://github.com/Immersive-Labs-Sec/msrc-api 3 | [+] May 2025 Security Updates 4 | [+] Found a total of 268 vulnerabilities 5 | [-] 20 Elevation of Privilege Vulnerabilities 6 | [-] 2 Security Feature Bypass Vulnerabilities 7 | [-] 29 Remote Code Execution Vulnerabilities 8 | [-] 16 Information Disclosure Vulnerabilities 9 | [-] 7 Denial of Service Vulnerabilities 10 | [-] 3 Spoofing Vulnerabilities 11 | [-] 6 Edge - Chromium Vulnerabilities 12 | [+] Found 5 exploited in the wild 13 | [-] CVE-2025-30400 - 7.8 - Microsoft DWM Core Library Elevation of Privilege Vulnerability 14 | [-] CVE-2025-32701 - 7.8 - Windows Common Log File System Driver Elevation of Privilege Vulnerability 15 | [-] CVE-2025-32706 - 7.8 - Windows Common Log File System Driver Elevation of Privilege Vulnerability 16 | [-] CVE-2025-32709 - 7.8 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 17 | [-] CVE-2025-30397 - 7.5 - Scripting Engine Memory Corruption Vulnerability 18 | [+] Highest Rated Vulnerabilities 19 | [-] CVE-2025-26646 - 8.0 - .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability 20 | [-] CVE-2025-29964 - 8.8 - Windows Media Remote Code Execution Vulnerability 21 | [-] CVE-2025-29966 - 8.8 - Remote Desktop Client Remote Code Execution Vulnerability 22 | [-] CVE-2025-29967 - 8.8 - Remote Desktop Client Remote Code Execution Vulnerability 23 | [-] CVE-2025-30377 - 8.4 - Microsoft Office Remote Code Execution Vulnerability 24 | [-] CVE-2025-30386 - 8.4 - Microsoft Office Remote Code Execution Vulnerability 25 | [-] CVE-2025-30387 - 9.8 - Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability 26 | [-] CVE-2025-33072 - 8.1 - Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability 27 | [-] CVE-2025-29840 - 8.8 - Windows Media Remote Code Execution Vulnerability 28 | [-] CVE-2025-29962 - 8.8 - Windows Media Remote Code Execution Vulnerability 29 | [-] CVE-2025-29963 - 8.8 - Windows Media Remote Code Execution Vulnerability 30 | [-] CVE-2025-32704 - 8.4 - Microsoft Excel Remote Code Execution Vulnerability 31 | [-] CVE-2025-29972 - 9.9 - Azure Storage Resource Provider Spoofing Vulnerability 32 | [-] CVE-2025-29827 - 9.9 - Azure Automation Elevation of Privilege Vulnerability 33 | [-] CVE-2025-29813 - 10.0 - Azure DevOps Server Elevation of Privilege Vulnerability 34 | [-] CVE-2025-47733 - 9.1 - Microsoft Power Apps Information Disclosure Vulnerability 35 | [-] CVE-2025-47732 - 8.7 - Microsoft Dataverse Remote Code Execution Vulnerability 36 | [-] CVE-2024-3727 - 8.3 - None 37 | [-] CVE-2017-17522 - 8.8 - None 38 | [-] CVE-2024-52338 - 9.8 - None 39 | [-] CVE-2025-2291 - 8.1 - None 40 | [-] CVE-2007-4559 - 9.8 - None 41 | [-] CVE-2016-1585 - 9.8 - None 42 | [-] CVE-2025-23016 - 9.3 - None 43 | [+] Found 8 vulnerabilites more likely to be exploited 44 | [-] CVE-2025-29971 -- Web Threat Defense (WTD.sys) Denial of Service Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29971 45 | [-] CVE-2025-29976 -- Microsoft SharePoint Server Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29976 46 | [-] CVE-2025-30382 -- Microsoft SharePoint Server Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-30382 47 | [-] CVE-2025-30386 -- Microsoft Office Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-30386 48 | [-] CVE-2025-29841 -- Universal Print Management Service Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29841 49 | [-] CVE-2025-30385 -- Windows Common Log File System Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-30385 50 | [-] CVE-2025-30388 -- Windows Graphics Component Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-30388 51 | [-] CVE-2025-24063 -- Kernel Streaming Service Driver Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-24063 -------------------------------------------------------------------------------- /Patch Tuesday/README.md: -------------------------------------------------------------------------------- 1 | # Patch Tuesday Review 2 | 3 | Source: https://github.com/Immersive-Labs-Sec/msrc-api/blob/main/patch_review.py 4 | 5 | Run this using: 6 | 7 | ``` 8 | python.exe .\patch_review.py 2023-jun 9 | ``` -------------------------------------------------------------------------------- /Patch Tuesday/patch_review.py: -------------------------------------------------------------------------------- 1 | # PatchReview 2 | # Copyright (C) 2021 Kevin Breen, Immersive Labs 3 | # https://github.com/Immersive-Labs-Sec/msrc-api 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | 23 | import argparse 24 | import requests 25 | import re 26 | 27 | base_url = 'https://api.msrc.microsoft.com/cvrf/v2.0/' 28 | 29 | headers = {'Accept': 'application/json'} 30 | 31 | vuln_types = [ 32 | 'Elevation of Privilege', 33 | 'Security Feature Bypass', 34 | 'Remote Code Execution', 35 | 'Information Disclosure', 36 | 'Denial of Service', 37 | 'Spoofing', 38 | 'Edge - Chromium' 39 | ] 40 | 41 | 42 | def count_type(search_type, all_vulns): 43 | counter = 0 44 | for vuln in all_vulns: 45 | for threat in vuln['Threats']: 46 | if threat['Type'] == 0: 47 | if search_type == "Edge - Chromium": 48 | if threat['ProductID'][0] == '11655': 49 | counter += 1 50 | break 51 | elif threat['Description'].get('Value') == search_type: 52 | if threat['ProductID'][0] == '11655': 53 | # Do not double count Chromium Vulns 54 | break 55 | counter += 1 56 | break 57 | return counter 58 | 59 | def count_exploited(all_vulns): 60 | counter = 0 61 | cves = [] 62 | for vuln in all_vulns: 63 | cvss_score = 0.0 64 | cvss_sets = vuln.get('CVSSScoreSets', []) 65 | if len(cvss_sets) > 0 : 66 | cvss_score = cvss_sets[0].get('BaseScore', 0.0) 67 | 68 | for threat in vuln['Threats']: 69 | if threat['Type'] == 1: 70 | description = threat['Description']['Value'] 71 | if 'Exploited:Yes' in description: 72 | counter += 1 73 | cves.append(f'{vuln["CVE"]} - {cvss_score} - {vuln["Title"]["Value"]}') 74 | break 75 | return {'counter': counter, 'cves': cves} 76 | 77 | def exploitation_likely(all_vulns): 78 | counter = 0 79 | cves = [] 80 | for vuln in all_vulns: 81 | for threat in vuln['Threats']: 82 | if threat['Type'] == 1: 83 | description = threat['Description']['Value'] 84 | if 'Exploitation More Likely'.lower() in description.lower(): 85 | counter += 1 86 | cves.append(f'{vuln["CVE"]} -- {vuln["Title"]["Value"]}') 87 | break 88 | return {'counter': counter, 'cves': cves} 89 | 90 | """ 91 | check the date format is yyyy-mmm 92 | """ 93 | def check_data_format(date_string): 94 | date_pattern = '\\d{4}-(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)' 95 | if re.match(date_pattern, date_string, re.IGNORECASE): 96 | return True 97 | 98 | def print_header(title): 99 | print("[+] Microsoft Patch Tuesday Stats") 100 | print("[+] https://github.com/Immersive-Labs-Sec/msrc-api") 101 | print(f"[+] {title}") 102 | 103 | 104 | if __name__ == "__main__": 105 | parser = argparse.ArgumentParser(description='Read vulnerability stats for a patch tuesday release.') 106 | parser.add_argument('security_update', help="Date string for the report query in format YYYY-mmm") 107 | 108 | args = parser.parse_args() 109 | 110 | if not check_data_format(args.security_update): 111 | print("[!] Invalid date format please use 'yyyy-mmm'") 112 | exit() 113 | 114 | # Get the list of all vulns 115 | get_sec_release = requests.get(f'{base_url}cvrf/{args.security_update}', headers=headers) 116 | 117 | if get_sec_release.status_code != 200: 118 | print(f"[!] Thats a {get_sec_release.status_code} from MS no release notes yet") 119 | exit() 120 | 121 | release_json = get_sec_release.json() 122 | 123 | title = release_json.get('DocumentTitle', 'Release not found').get('Value') 124 | 125 | all_vulns = release_json.get('Vulnerability', []) 126 | 127 | len_vuln = len(all_vulns) 128 | 129 | print_header(title) 130 | 131 | print(f'[+] Found a total of {len_vuln} vulnerabilities') 132 | 133 | for vuln_type in vuln_types: 134 | 135 | count = count_type(vuln_type, all_vulns) 136 | print(f' [-] {count} {vuln_type} Vulnerabilities') 137 | 138 | exploited = count_exploited(all_vulns) 139 | print(f'[+] Found {exploited["counter"]} exploited in the wild') 140 | for cve in exploited['cves']: 141 | print(f' [-] {cve}') 142 | 143 | base_score = 8.0 144 | print('[+] Highest Rated Vulnerabilities') 145 | for vuln in all_vulns: 146 | title = vuln.get('Title', {'Value': 'Not Found'}).get('Value') 147 | cve_id = vuln.get('CVE', '') 148 | cvss_sets = vuln.get('CVSSScoreSets', []) 149 | if len(cvss_sets) > 0 : 150 | cvss_score = cvss_sets[0].get('BaseScore', 0) 151 | if cvss_score >= base_score: 152 | print(f' [-] {cve_id} - {cvss_score} - {title}') 153 | 154 | exploitation = exploitation_likely(all_vulns) 155 | print(f'[+] Found {exploitation["counter"]} vulnerabilites more likely to be exploited') 156 | for cve in exploitation['cves']: 157 | print(f' [-] {cve} - https://www.cve.org/CVERecord?id={cve.split()[0]}') -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Security Scripts & Sources 2 | 3 | Welcome to the SecScripts repository! This collection of **security scripts and sources** is designed to assist you in automating various security-related tasks and to list sources that are relavant to security related topics. Whether you're a security professional, a system administrator, or an enthusiast, these scripts aim to simplify your workflow and enhance your efficiency. 4 | 5 | #### Scripts 6 | This repository contains a list with scripts that I use to automate security related tasks. The reason I store them in this repository is organize them in a convienient manner. The advantage of this is that the scripts can be shared with others, so they do not need to reinvent the wheel. 7 | 8 | #### Sources 9 | The sources section (below) lists relavant sources which I use for a variety of tasks. Feel free to check them out! 10 | 11 | ## Contributing 12 | 13 | We welcome contributions from the security community. If you have a script or sources that you believe would be beneficial to others, feel free to submit a pull request. 14 | 15 | # Cyber Sources 16 | 17 | # Documentation 18 | ## General 19 | - https://attack.mitre.org/ - MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. 20 | - https://threats.wiz.io/ - Cloud Threat Landscape 21 | - https://www.threat-intel.xyz/ - Free and Open Source Threat Intelligence Feeds 22 | - https://www.microsoft.com/en-us/security/blog/2023/12/05/microsoft-incident-response-lessons-on-preventing-cloud-identity-compromise/ - Microsoft Incident Response lessons on preventing cloud identity compromise 23 | 24 | ## Security Architecture 25 | - https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns - Azure security best practices and patterns 26 | - https://learn.microsoft.com/en-us/azure/active-directory/architecture/security-operations-user-accounts - Security Operations Guide Azure Active Directory 27 | 28 | ## Tools 29 | 30 | - https://github.com/rabobank-cdc/DeTTECT - Detect Tactics, Techniques & Combat Threats 31 | 32 | ## Information Repositories 33 | 34 | ## Security Tooling 35 | 36 | ### Microsoft Incident lookup 37 | - https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks - What are risk detections? 38 | 39 | ### MDE 40 | - https://securityoccupied.com/2023/06/15/taking-actions-on-mde-devices-via-powershell-and-mde-api/ - In an attempt to learn more about the Microsoft Defender for Endpoint (MDE) API available for investigative actions on machines, I have created a PowerShell script that can perform several machine actions for single devices and also in bulk. 41 | 42 | #### MDE Blogs 43 | - https://medium.com/@DFIRanjith/remote-collection-of-windows-forensic-artifacts-using-kape-and-microsoft-defender-for-endpoint-f7d3a857e2e0 - Remote collection of Windows Forensic Artifacts using KAPE and Microsoft Defender for Endpoint. 44 | 45 | ### Sentinel 46 | - https://github.com/Azure/Azure-Sentinel-Notebooks - Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors. 47 | - https://github.com/markolauren/sentinel/tree/main/tableCreator%20tool - 💡 Tool to capture the schema of existing Sentinel table, and create new table with same schema! 48 | - https://analyticsrules.exchange/ - Microsoft Sentinel Analytics Rules 49 | - https://firewalliplists.gypthecat.com/kusto-tables/ - Kusto Tables 50 | 51 | #### Sentinel Blogs 52 | - https://medium.com/@truvis.thornton/microsoft-azure-sentinel-adding-tlps-traffic-light-patterns-to-incidents-alerts-and-analytics-f05e0b2f171e - Microsoft Azure Sentinel: Adding TLPs (Traffic Light Protocol) to Incidents, Alerts and Analytics Rules. 53 | 54 | ### Microsoft Graph Security 55 | 56 | - https://learn.microsoft.com/en-us/connectors/microsoftgraphsecurity/ - The Microsoft Graph Security connector helps to connect different Microsoft and partner security products and services, using a unified schema, to streamline security operations, and improve threat protection, detection, and response capabilities. 57 | 58 | ### Other 59 | - https://www.echotrail.io/insights - Look up description, commonality, behavior, and more by searching through our extensive insights database. 60 | - https://github.com/indetectables-net/toolkit - The essential toolkit for reversing, malware analysis, and cracking 61 | 62 | --- 63 | ## Red Teaming 64 | - https://github.com/ihebski/DefaultCreds-cheat-sheet/blob/main/DefaultCreds-Cheat-Sheet.csv - One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 65 | 66 | ### Attack Simulation 67 | - https://github.com/redcanaryco/atomic-red-team/tree/master - Small and highly portable detection tests based on MITRE's ATT&CK. 68 | - https://github.com/redcanaryco/invoke-atomicredteam - Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project. 69 | - https://github.com/tsale/EDR-Telemetry - This project aims to compare and evaluate the telemetry of various EDR products. 70 | - https://github.com/Orange-Cyberdefense/GOAD - game of active directory 71 | - https://github.com/RedSiege/GraphStrike - Cobalt Strike HTTPS beaconing over Microsoft Graph API 72 | - https://github.com/RedByte1337/GraphSpy - Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI 73 | 74 | ### Tools 75 | - https://stratus-red-team.cloud/ - ☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud 76 | 77 | --- 78 | ## Ransomware 79 | - https://github.com/fastfire/deepdarkCTI/blob/main/ransomware_gang.md - Collection of Cyber Threat Intelligence sources from the deep and dark web 80 | - https://ransomwhe.re/#browse - Ransomwhere is the open, crowdsourced ransomware payment tracker. Browse and download ransomware payment data or help build our dataset by reporting ransomware demands you have received. 81 | --- 82 | ## Threat Hunting 83 | - https://www.giac.org/paper/gsec/23549/hunting-gathering-powershell/121279 84 | - https://www.betaalvereniging.nl/en/safety/tahiti/ - TaHiTI Threat Hunting Methodology 85 | - https://www.betaalvereniging.nl/wp-content/uploads/DEF-TaHiTI-Threat-Hunting-Methodology.pdf - A joint threat hunting methodology from the Dutch financial sector 86 | 87 | --- 88 | ## Threat Intelligence 89 | - https://github.com/fastfire/deepdarkCTI - Collection of Cyber Threat Intelligence sources from the deep and dark web 90 | --- 91 | ## Detection Engineering 92 | - https://github.com/infosecB/awesome-detection-engineering - A list of useful Detection Engineering-related resources. 93 | - https://github.com/elastic/detection-rules - Elastic Detections and Alerts 94 | 95 | ### Standardized Detection Formats 96 | - https://github.com/SigmaHQ/sigma - Main Sigma Rule Repository 97 | - https://github.com/Yara-Rules/rules - Repository of yara rules 98 | - https://github.com/InQuest/awesome-yara#rules - A curated list of awesome YARA rules, tools, and people. 99 | - https://www.snort.org/downloads/#rule-downloads - Snort community ruleset 100 | 101 | ## Incident Response 102 | - https://www.microsoft.com/content/dam/microsoft/final/en-us/microsoft-brand/documents/MS-IR-Playbook-Final.pdf%20 - Navigating the Maze of Incident Response 103 | - https://training.13cubed.com/downloads - 13Cubed IR Guides 104 | 105 | ### Google Workspace 106 | - https://github.com/invictus-ir/ALFA - ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework 107 | 108 | ### UNIX 109 | - https://github.com/tclahr/uac - UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts. 110 | 111 | ### Windows 112 | - https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape - Kroll's Artifact Parser and Extractor (KAPE) – created by Kroll senior director and three-time Forensic 4:cast DFIR Investigator of the Year Eric Zimmerman – lets forensic teams collect and process forensically useful artifacts within minutes. 113 | 114 | ## Microsoft Azure & Office 365 115 | - https://github.com/invictus-ir/Microsoft-Extractor-Suite - A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. 116 | - https://github.com/PwC-IR/Business-Email-Compromise-Guide - The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Office 365 environment. Each step is intended to guide the process of identifying, collecting and analysing activity associated with BEC intrusions. 117 | 118 | ## Other 119 | - https://github.com/DebugPrivilege/InsightEngineering/ - This GitHub repository dives into fundamental concepts I believe are important for understanding debugging and troubleshooting complex issues on Windows. 120 | - https://github.com/FriedrichWeinmann/PkiExtension - Welcome to the PKI Extension PowerShell module project. 121 | - https://digger.tools/ 122 | - https://www.microsoft.com/en-us/security/blog/2024/01/17/new-microsoft-incident-response-guides-help-security-teams-analyze-suspicious-activity/ - New Microsoft Incident Response guides help security teams analyze suspicious activity 123 | - https://privacy.sexy/ - Enforce privacy & security best-practices on Windows, macOS and Linux. 124 | - https://br0k3nlab.com/resources/zen-of-security-rules/ - The Zen of python does a perfect job succinctly capturing guiding principles for developing via 19 aphorisms. This is the zen of writing security rules, for fostering high-quality, high-efficacy rules as simply as possible. 125 | - https://github.com/WithSecureLabs/lolcerts - A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors 126 | - https://learn.microsoft.com/en-us/purview/audit-log-activities - Audit log activities 127 | - https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/strategies-to-monitor-and-prevent-vulnerable-driver-attacks/ba-p/4103985 - Strategies to monitor and prevent vulnerable driver attacks 128 | - https://www.xintra.org/labs - XINTRA Labs 129 | - https://login.microsoftonline.com/error - EntraID Error codes 130 | - https://github.com/DebugPrivilege/RandomizedProjects/blob/64d42b922906d32f2c0ba55269f815205d5b464b/Defender%20for%20Endpoint/ETW%20Mapping/README.md - ETW Providers Defender For Endpoint 131 | - https://github.com/SecurityAura/Aura-Research/tree/main/DFIR - Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched 132 | - https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/ - This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected. 133 | 134 | ## Reports 135 | - https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023 - Microsoft Digital Defense Report 2023 136 | - https://services.google.com/fh/files/misc/m-trends-2024.pdf - M-Trends 2024 Special Report 137 | - https://www.sans.edu/cyber-research/active-directory-tactical-containment-to-curb-domain-dominance/ - Active Directory: Tactical Containment to Curb Domain Dominance 138 | - https://www.microsoft.com/en-us/security/blog/2024/04/23/new-microsoft-incident-response-guide-helps-simplify-cyberthreat-investigations/ - New Microsoft Incident Response guide helps simplify cyberthreat investigations 139 | - cthfm.gitbook.io - Cloud Threat Hunting Field Manual -------------------------------------------------------------------------------- /SIGMA/ExtractMitreTechniquesStats.py: -------------------------------------------------------------------------------- 1 | # This script can be put in a directory with SIGMA rules. The script will output statistics on the mitre techniques and tactics that are present in an output file named: mitre_statistics.txt 2 | # List will be done both on current directory as well as child directories. 3 | import os 4 | import yaml 5 | from collections import Counter 6 | 7 | def count_tag_values_in_yaml_files(directory, key_tag): 8 | tag_values = [] 9 | 10 | for root, dirs, files in os.walk(directory): 11 | for filename in files: 12 | if filename.endswith('.yml'): 13 | file_path = os.path.join(root, filename) 14 | with open(file_path, 'r') as file: 15 | try: 16 | data = yaml.safe_load(file) 17 | if key_tag in data: 18 | value = data[key_tag] 19 | tag_values.extend(value) 20 | except yaml.YAMLError as e: 21 | print(f"Error reading {filename}: {e}") 22 | 23 | tag_counts = Counter(tag_values) 24 | return tag_counts 25 | 26 | # Example usage 27 | directory = '.' # Replace with your directory path 28 | key_tag = 'tags' # Replace with your key tag 29 | output_file = 'mitre_statistics.txt' # Specify the output file path 30 | 31 | tag_counts = count_tag_values_in_yaml_files(directory, key_tag) 32 | 33 | # Write the tag statistics to a file 34 | with open(output_file, 'w') as file: 35 | file.write("Tag Statistics:\n") 36 | for tag, count in tag_counts.items(): 37 | file.write(f"{tag}: {count}\n") 38 | 39 | print(f"Tag statistics saved in {output_file}.") -------------------------------------------------------------------------------- /SIGMA/ListMitreTechniquesSIGMARule.py: -------------------------------------------------------------------------------- 1 | # use this script to list all mitre techniques and tactics for each sigma file in the current directory. 2 | import os 3 | import yaml 4 | 5 | def read_yaml_files(directory, key_tag): 6 | # Get all YAML files in the directory 7 | for filename in os.listdir(directory): 8 | if filename.endswith('.yml'): 9 | # Read and process each YAML file 10 | file_path = os.path.join(directory, filename) 11 | with open(file_path, 'r') as file: 12 | try: 13 | data = yaml.safe_load(file) 14 | if key_tag in data: 15 | value = data[key_tag] 16 | print(f"{filename}: {value}") 17 | except yaml.YAMLError as e: 18 | print(f"Error reading {filename}: {e}") 19 | 20 | # Example usage 21 | directory = '.' # Replace with your directory path 22 | key_tag = 'tags' # Replace with your key tag 23 | 24 | read_yaml_files(directory, key_tag) -------------------------------------------------------------------------------- /Validation/hash_validator.py: -------------------------------------------------------------------------------- 1 | # Example: 2 | # python hash_validator.py d41d8cd98f00b204e9800998ecf8427e 3 | # Outputs: 4 | # Hash algorithm used: MD5 5 | 6 | import re 7 | import hashlib 8 | import sys 9 | 10 | def validate_hash(hash_value): 11 | # Convert the hash value to lowercase 12 | hash_value = hash_value.lower() 13 | 14 | # Regular expressions for hash types 15 | md5_regex = r'^[0-9a-f]{32}$' 16 | sha1_regex = r'^[0-9a-f]{40}$' 17 | sha256_regex = r'^[0-9a-f]{64}$' 18 | 19 | # Check if the hash matches MD5 20 | if re.match(md5_regex, hash_value): 21 | return 'MD5' 22 | 23 | # Check if the hash matches SHA1 24 | if re.match(sha1_regex, hash_value): 25 | return 'SHA1' 26 | 27 | # Check if the hash matches SHA256 28 | if re.match(sha256_regex, hash_value): 29 | return 'SHA256' 30 | 31 | # If none of the hash types match 32 | return 'Error: Unknown hash algorithm' 33 | 34 | if __name__ == '__main__': 35 | if len(sys.argv) != 2: 36 | print('Usage: python hash_validator.py ') 37 | else: 38 | hash_value = sys.argv[1] 39 | algorithm = validate_hash(hash_value) 40 | print('Hash algorithm used:', algorithm) 41 | 42 | -------------------------------------------------------------------------------- /Validation/ip_validator.py: -------------------------------------------------------------------------------- 1 | import re 2 | 3 | def ip_validator(ip_address): 4 | regex_validator = "^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$" 5 | if(re.search(regex_validator, ip_address)): 6 | return True 7 | else: 8 | print('IP address: %s is not valid.' %ip_address) 9 | return False -------------------------------------------------------------------------------- /Vulnerabilities/README.md: -------------------------------------------------------------------------------- 1 | # CVE-2023-4863 2 | - https://gist.github.com/mttaggart/02ed50c03c8283f4c343c3032dd2e7ec - CVE-2023-4863 Tracker 3 | --------------------------------------------------------------------------------