- Description
- Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
- Exploit added on
- Dec 10, 2024
- Exploit action due
- Dec 31, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-122
- nvd@nist.gov
- NVD-CWE-noinfo
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
6
CVE-2024-49138 is a zero-day vulnerability in the Windows CLFS driver. This flaw allows SYSTEM-level privilege escalation. Microsoft has released a patch in December 2024 updates. https://t.co/4JrKmsVhky
@Teemu_Tiainen
21 Jan 2025
86 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-50603 2 - CVE-2023-34960 3 - CVE-2024-49138 4 - CVE-2024-12084 5 - CVE-2025-21210 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
21 Jan 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windowsのゼロデイ脆弱性(CVE-2024-49138)のPoCエクスプロイトが公開されました。ゼロデイ攻撃に悪用される可能性があるので、未対応者は今すぐ対応する事をお勧めします。 https://t.co/pBXdNNDIAZ
@01Programing
21 Jan 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC para vulnerabilidad Zero-Day en Windows (CVE-2024-49138). Esta falla, tiene una puntuación CVSS de 7,8 y permite a los atacantes obtener privilegios de SYSTEM en los dispositivos afectados. #ciberseguridad #cybersecurity https://t.co/K8Wb9V6nRf
@EHCGroup
20 Jan 2025
29 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC para vulnerabilidad Zero-Day en Windows (CVE-2024-49138) https://t.co/1PVeegDAkT
@SeguInfo
20 Jan 2025
798 Impressions
2 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
New PoC exploit for zero-day CVE-2024-49138 in Windows CLFS Driver reveals a critical elevation of privilege flaw (CVSS 7.8). Microsoft confirms active exploitation. Update systems! ⚠️ #Windows #ZeroDay #USA link: https://t.co/h0UXAQVhVz https://t.co/506AwKfb1h
@TweetThreatNews
20 Jan 2025
99 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Windows Common Log File System Zero-day Vulnerability (CVE-2024-49138) Exploited https://t.co/yn5pPw9YvF
@SecurityAid
20 Jan 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zero-Day Vulnerability in Windows Exploited, Windows Common Log File System (CLFS) Driver: CVE-2024-49138 PoC Code Released https://t.co/tDMf4WvOSE
@Dinosn
20 Jan 2025
12184 Impressions
105 Retweets
267 Likes
104 Bookmarks
1 Reply
1 Quote
Zero-Day Vulnerability in Windows Exploited: CVE-2024-49138 PoC Code Released Adding to the urgency, security researcher MrAle_98 released a proof-of-concept (PoC) exploit for CVE-2024-49138 on GitHub https://t.co/ISQVUEFMyg
@the_yellow_fall
20 Jan 2025
1882 Impressions
10 Retweets
49 Likes
14 Bookmarks
0 Replies
1 Quote
CVE-2024-49138 poc windows CLFS.sys提权漏洞 https://t.co/XAvMnvaQJO https://t.co/S2bIYztVvh
@gov_hack
17 Jan 2025
309 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-49138: LPE in CLFS.sys (Win11 23H2) - https://t.co/n13JTSDT4v 2. CVE-2024-44243: macOS SIP bypass through kernel extensions - https://t.co/H68UgoO62L 3. CVE-2025-21385: SSRF in MS Purview - https://t.co/WcS5T5Hr3w
@ksg93rd
17 Jan 2025
180 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
The Elevation of Privilege - #Windows Common Log File System Driver (CVE-2024-49138) has become more critical. A public exploit for it appeared on January 15th. It was developed by Alessandro Iandoli from @hnsec. #CLFS #HNSecurity ➡️ https://t.co/LT5nz03eJX https://t.co/Y7h9zCok
@leonov_av
16 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025-01-15 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― GitHub - MrAle98/CVE-2024-49138-POC: POC exploit for CVE-2024-49138 https://t.co/RVMNQhS2Xr https://t.co/8FjwweN1la
@motikan2010
16 Jan 2025
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
What has become known about the Elevation of Privilege - #Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later? Almost nothing. 🙄 #CLFS #CrowdStrike ➡️ https://t.co/06vTziELK5 https://t.co/W8wCKrVVoD
@leonov_av
15 Jan 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
While waiting for a blog post about CVE-2024-49138 you can start reading this (It share similarities with poc for CVE-2024-49138)🙂: https://t.co/mhgjApr0eo
@MrAle_98
15 Jan 2025
4506 Impressions
17 Retweets
67 Likes
33 Bookmarks
0 Replies
0 Quotes
I've been analyzing newly disclosed vulnerabilities in popular systems, including Mitel MiCollab (CVE-2024-41713, CVE-2024-35286), Zyxel Firewalls (CVE-2024-11667), and Microsoft Windows (CVE-2024-35250, CVE-2024-49138). Ivanti is also affected (CVE-2025-0282, CVE-2025-0283).
@agentwhitehat
15 Jan 2025
232 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Finally finished to develop an exploit for CVE-2024-49138: vulnerability in CLFS.sys. exploit code: https://t.co/ibsmECkYvp I'll provide a detailed analysis in a blog post. https://t.co/4mXU41OBaJ
@MrAle_98
15 Jan 2025
27184 Impressions
77 Retweets
328 Likes
163 Bookmarks
2 Replies
2 Quotes
Threat Alert: Fake LDAPNightmare exploit on GitHub spreads infostealer malware CVE-2024-49112 CVE-2024-49113 CVE-2024-49138 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/ifVGosLGvd #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
14 Jan 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat Alert: Critical Windows LDAP flaw could lead to crashed servers, RCE attacks CVE-2024-49112 CVE-2024-49113 CVE-2024-49138 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/ifVGosLGvd #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
4 Jan 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49138に今更ながら興味出てきた
@cloverfish300
2 Jan 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/Pt7g27ikvh https://t.co/J6LwmjhrYw
@NickBla41002745
25 Dec 2024
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. @treguly #PatchTuesday #CyberSecurity
@cybernated_DAM
25 Dec 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Detectada vulnerabilidad "Zero Day" CVE-2024-49138 que afecta @Windows 10, 11, Server 2019 y 2022. Actualiza tus sistemas, evita enlaces dudosos y monitorea actividad sospechosa. 🖥️🔒 #observadormx https://t.co/8ABe4ejaRA
@_observadormx
24 Dec 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. https://t.co/pFKNBrSuQl @treguly #PatchTuesday #CyberSecurity
@TripwireInc
23 Dec 2024
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/aY5kIm7xny https://t.co/fFr5UoO4Dy
@dansantanna
20 Dec 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. https://t.co/IFX5kutv4P @treguly #PatchTuesday #CyberSecurity
@TripwireInc
19 Dec 2024
187 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Windows-Sicherheitslücken: Admins müssen dringend handeln Microsoft schließt mehrere kritische Sicherheitslücken in Windows-Desktop- und Server-Versionen, die aktuell aktiv von Angreifern ausgenutzt werden. Besonders betroffen ist die Schwachstelle CVE-2024-49138, die es… https:
@tec4net
18 Dec 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/ax4daEk4H5 https://t.co/VQxjAWJb0V
@Art_Capella
17 Dec 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Releases Urgent Patch for Exploited Zero-Day Microsoft has released patches for over 70 documented security defects and actively exploited zero-day vulnerability in the Windows Common Log File System (CLFS). The vulnerability tracked as CVE-2024-49138, has a CVSS score…
@WarrenTevora
17 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity WOTW: Spray Attacks Actively Exploited Vulnerabilities Include: • Cleo File Upload (CVE-2024-50623) • Microsoft CLFS Buffer Overflow (CVE-2024-49138) • Ivanti Connect Secure Command Injection (CVE-2024-21887) 👉Read the blog: https://t.co/mLYWd1ZfIJ https://t.co/
@GradientCyber
16 Dec 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49138 is getting exploited #inthewild. Find out more at https://t.co/4vzA9Bo0Tc CVE-2024-50623 is getting exploited #inthewild. Find out more at https://t.co/nxYHjmvoLI
@inthewildio
16 Dec 2024
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/vxEGib1MvS https://t.co/qI89ipAagU
@Trej0Jass
16 Dec 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. https://t.co/0smP6X51vf @treguly #PatchTuesday #CyberSecurity
@TripwireInc
15 Dec 2024
298 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 𝐄𝐱𝐩𝐥𝐨𝐢𝐭 𝐅𝐨𝐮𝐧𝐝 According to PCMag, Microsoft released security updates for Windows 10 and 11 PCs on Tuesday addressing a high-severity bug actively exploited by attackers. The vulnerability, known as CVE-2024-49138, grants attackers… htt
@TechBuzzRecap
14 Dec 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft has released critical updates for Windows 10 and 11 to address a high-severity vulnerability that's been actively exploited. The flaw, CVE-2024-49138, is a "Common Log File System Driver Elevation of Privilege Vulnerability" that can allow attackers system privileges. h
@PCMag
14 Dec 2024
1801 Impressions
2 Retweets
6 Likes
2 Bookmarks
2 Replies
0 Quotes
📣 Patch Tuesday content packMicrosoft resolved 70 vulnerabilities, incl. 16 critical flaws + an exploited zero-day (CVE-2024-49138). Third-party vendors like Google, Cisco, & Apple also released critical updates. 🔗 Key resources: Patch insights: https://t.co/Ii2IvrcdBj… ht
@Action1corp
13 Dec 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE CISA Alert! CVE-2024-49138 - Heap-Based Buffer Overflow Vulnerability in Microsoft Windows Common Log File System (CLFS) Driver. The flaw allows attackers to execute malicious code with elevated privileges, potentially compromising the target system. It is part…
@Loginsoft_Inc
13 Dec 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE CISA Alert! CVE-2024-49138 - Heap-Based Buffer Overflow Vulnerability in Microsoft Windows Common Log File System (CLFS) Driver. The flaw allows attackers to execute malicious code with elevated privileges, potentially compromising the target system. It is part of
@Loginsoft_Inc
13 Dec 2024
15 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
𝐏𝐚𝐭𝐜𝐡 𝐓𝐮𝐞𝐬𝐝𝐚𝐲: 𝐃𝐞𝐜 𝟐𝟎𝟐𝟒 𝐑𝐞𝐥𝐞𝐚𝐬𝐞 Microsoft has released updates to patch over 70 security vulnerabilities across its Windows operating systems. One newly disclosed zero-day vulnerability, CVE-2024-49138, grants attackers elevated privileges on a… https
@TechBuzzRecap
13 Dec 2024
77 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
🔴Important🔴 Microsoft has confirmed a critical zero-day vulnerability, identified as CVE-2024-49138, which is currently being exploited by malicious actors. This vulnerability involves a heap-based buffer overflow in the Windows Common Log File System driver, posing a… https:/
@DanielGatzOnX
12 Dec 2024
125 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft's warning for CVE-2024-49138 is a wake-up call for Windows users. Don't delay—get those updates now! Cybercriminals won't wait, and neither should you. Stay safe out there!
@RowanEmberfield
12 Dec 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/xpsz4tedFC https://t.co/DQESWIZga0
@ggrubamn
12 Dec 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows Security Alert 🚨 A zero-day vulnerability (CVE-2024-49138) in the Windows CLFS Driver allows attackers to escalate to SYSTEM privileges and has been actively exploited. Microsoft included the patch in December's Patch Tuesday. Update your system now for protection.
@BJPFit
12 Dec 2024
91 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/gXuoIKcxrx https://t.co/tv8QxGM8J3
@IT_Peurico
12 Dec 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/gV8Qi0PcVL https://t.co/Xm3yrVhark
@pcasano
12 Dec 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Patch Tuesday special: CVE-2024-49138 already exploited in the wild! 🎉 Hyper-V, RDP, CLFS—everything's vulnerable. IT pros: “Patch it!” Threat actors: “Catch us if you can.” Patch now, or embrace ransomware roulette! https://t.co/ZN9vpZFm0B #AlphaHunt #CTI #PatchTuesday
@csirtgadgets
12 Dec 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/GN9pTCZpq1 https://t.co/2Jw2taRD6i
@Trej0Jass
12 Dec 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft’s December Patch Tuesday fixes 72 vulnerabilities, including a critical one actively exploited in the wild: CVE-2024-49138. Stay secure and up-to-date! 🔒 Ensure your systems are updated now. 🔗 Read more: https://t.co/Cn7w6rmNtP #PatchTuesday #Azefox
@We_Azefox
11 Dec 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft December 2024 Patch Tuesday: 73 Vulnerabilities Fixed 🔒 📢 Microsoft has addressed 73 vulnerabilities, including: 🔹 16 critical 🚨 🔹 54 important 🔹 1 actively exploited zero-day (CVE-2024-49138, CLFS driver). 💡 Zero-Day Alert: CVE-2024-49138 allows attackers to
@GHak2learn27752
11 Dec 2024
166 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch now: CVE-2024-49138 (CVSS 7.8), a moderate-severity flaw in the Windows Common Log File System (CLFS) Driver, is being exploited in cyberattacks. https://t.co/06VP0orEQG
@DarkReading
11 Dec 2024
54 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "2BD1D819-7D27-4181-9672-0F1DC6F15BA1",
"versionEndExcluding": "10.0.19044.5247"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6DF22110-AA81-4D46-BE27-A3F70112AD44",
"versionEndExcluding": "10.0.19044.5247"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "A374923B-799C-4057-9C77-DE03A20FF4FE",
"versionEndExcluding": "10.0.19044.5247"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "979EA48D-ED87-4852-B436-D730A9130BA9",
"versionEndExcluding": "10.0.19045.5247"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "1FA81A8A-13B7-4180-8F8E-9079F6C82353",
"versionEndExcluding": "10.0.19045.5247"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "9ACEFC50-0F9A-45DF-9002-B823DAE1FE97",
"versionEndExcluding": "10.0.19045.5247"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C928D5FD-9F91-4BC7-A151-76B72F9539B3",
"versionEndExcluding": "10.0.22621.4602"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "943E002C-645E-4AA0-B15A-621B79DF97A5",
"versionEndExcluding": "10.0.22621.4602"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "ED3FE198-9DED-4108-AFAC-3BBF93AC7779",
"versionEndExcluding": "10.0.22631.4602"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "3B0A1BFF-C699-4863-AAEC-0F304BB3255C",
"versionEndExcluding": "10.0.22631.4602"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "8F34994C-CF51-49A4-8985-9B0C6EF1C3A2",
"versionEndExcluding": "10.0.26100.2605"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "40E04CC5-22CA-4D16-9B1F-695277A5D83E",
"versionEndExcluding": "10.0.26100.2605"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "C0DC57FA-88F8-4D5C-94BD-3A8B1FB8C047"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605"
}
],
"operator": "OR"
}
]
}
]