CERTFR-2024-AVI-0208
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Microsoft products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality, and privilege escalation.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
Vendor | Product | Description |
---|---|---|
Microsoft | N/A | Software for Open Networking in the Cloud (SONiC) 202205 versions prior to 20220531.26 |
Microsoft | N/A | Microsoft Visual Studio 2022 version 17.9 versions prior to 17.9.3 |
Microsoft | N/A | Log Analytics Agent versions prior to OMS Agent for Linux GA v1.19.0 |
Microsoft | N/A | Open Management Infrastructure versions prior to OMI version 1.8.1-0 |
Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 versions prior to 17.4.17 |
Microsoft | N/A | Visual Studio Code versions prior to 1.87.2 |
Microsoft | N/A | Skype for Consumer versions prior to 8.113 |
Microsoft | N/A | Microsoft Teams for Android versions prior to 1.0.0.2024022302 |
Microsoft | N/A | System Center Operations Manager (SCOM) 2022 versions prior to 10.22.1070.0 |
Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions prior to 16.0.17328.20136 |
Microsoft | N/A | Container Monitoring Solution versions prior to microsoft-oms-latest with full ID: sha256:855bfeb0 |
Microsoft | N/A | Software for Open Networking in the Cloud (SONiC) 201911 versions prior to 20191130.89 |
Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 13 versions prior to 15.02.1258.032 |
Microsoft | N/A | System Center Operations Manager (SCOM) 2019 versions prior to 10.19.1253.0 |
Microsoft | N/A | Intune Company Portal for Android versions prior to 2402 |
Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 versions prior to 9.1.26 |
Microsoft | N/A | Operations Management Suite Agent for Linux (OMS) versions prior to 1.8.1-0 |
Microsoft | N/A | Microsoft SharePoint Server 2019 versions prior to 16.0.10408.20000 |
Microsoft | N/A | Software for Open Networking in the Cloud (SONiC) 202012 versions prior to 20201231.96 |
Microsoft | N/A | Software for Open Networking in the Cloud (SONiC) 201811 versions prior to 20181130.106 |
Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 versions prior to 17.6.13 |
Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions prior to 16.0.5439.1000 |
Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 versions prior to 15.01.2507.037 |
Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 versions prior to 17.8.8 |
Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 14 versions prior to 15.02.1544.009 |
Microsoft | N/A | Microsoft Authenticator versions prior to 6.2401.0617 |
Microsoft | N/A | SQL Server backend for Django versions prior to 1.4.1 |
References
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Software pour Open Networking in the Cloud (SONiC) 202205 versions ant\u00e9rieures \u00e0 20220531.26", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2022 version 17.9 versions ant\u00e9rieures \u00e0 17.9.3", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Log Analytics Agent versions ant\u00e9rieures \u00e0 OMS Agent for Linux GA v1.19.0", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Open Management Infrastructure versions ant\u00e9rieures \u00e0 OMI version 1.8.1-0", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2022 version 17.4 versions ant\u00e9rieures \u00e0 17.4.17", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Visual Studio Code versions ant\u00e9rieures \u00e0 1.87.2", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Skype pour Consumer versions ant\u00e9rieures \u00e0 8.113", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Teams pour Android versions ant\u00e9rieures \u00e0 1.0.0.2024022302", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "System Center Operations Manager (SCOM) 2022 versions ant\u00e9rieures \u00e0 10.22.1070.0", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17328.20136", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Container Monitoring Solution versions 
ant\u00e9rieures \u00e0 microsoft-oms-latest with full ID: sha256:855bfeb0", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Software pour Open Networking in the Cloud (SONiC) 201911 versions ant\u00e9rieures \u00e0 20191130.89", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Exchange Server 2019 Cumulative Update 13 versions ant\u00e9rieures \u00e0 15.02.1258.032", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "System Center Operations Manager (SCOM) 2019 versions ant\u00e9rieures \u00e0 10.19.1253.0", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Intune Company Portal pour Android versions ant\u00e9rieures \u00e0 2402", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Dynamics 365 (on-premises) version 9.1 versions ant\u00e9rieures \u00e0 9.1.26", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Operations Management Suite Agent pour Linux (OMS) versions ant\u00e9rieures \u00e0 1.8.1-0", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10408.20000", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Software pour Open Networking in the Cloud (SONiC) 202012 versions ant\u00e9rieures \u00e0 20201231.96", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Software pour Open Networking in the Cloud (SONiC) 201811 versions ant\u00e9rieures \u00e0 20181130.106", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2022 version 17.6 versions 
ant\u00e9rieures \u00e0 17.6.13", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5439.1000", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Exchange Server 2016 Cumulative Update 23 versions ant\u00e9rieures \u00e0 15.01.2507.037", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2022 version 17.8 versions ant\u00e9rieures \u00e0 17.8.8", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Exchange Server 2019 Cumulative Update 14 versions ant\u00e9rieures \u00e0 15.02.1544.009", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Authenticator versions ant\u00e9rieures \u00e0 6.2401.0617", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "SQL Server backend pour Django versions ant\u00e9rieures \u00e0 1.4.1", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2024-21392", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21392" }, { "name": "CVE-2024-21426", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21426" }, { "name": "CVE-2024-21390", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21390" }, { "name": "CVE-2024-21419", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21419" }, { "name": "CVE-2024-26198", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26198" }, { "name": "CVE-2024-21448", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21448" }, { "name": "CVE-2024-21411", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21411" }, { "name": "CVE-2024-26165", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26165" }, { "name": "CVE-2024-21334", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21334" }, { "name": "CVE-2024-21330", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21330" }, { "name": "CVE-2024-21418", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21418" }, { "name": "CVE-2024-26164", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26164" }, { "name": "CVE-2024-26201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26201" }, { "name": "CVE-2024-26190", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26190" } ], "initial_release_date": "2024-03-13T00:00:00", "last_revision_date": "2024-03-13T00:00:00", "links": [ { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21418 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21418" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21448 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21390 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21390" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21334 du 12 mars 2024", "url": 
"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21392 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26201 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26201" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26198 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26190 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21411 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21411" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21419 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21419" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21426 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21330 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26164 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26164" }, { "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26165 du 12 mars 2024", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26165" } ], "reference": "CERTFR-2024-AVI-0208", "revisions": [ { "description": "Version initiale", "revision_date": "2024-03-13T00:00:00.000000" } ], "risks": [ { "description": "Usurpation d\u0027identit\u00e9" }, { "description": "D\u00e9ni de service \u00e0 
distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Microsoft les produits Microsoft du 12 mars 2024", "url": null } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.