Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
Microsoft Windows could allow a remote attacker to execute arbitrary code or BSOD the system, caused by a design flaw in the Network File System component.
Windows Ancillary Function Driver for WinSock is prone to a DoS because of an integer overflow.
A denial of service vulnerability exists in Point-to-Point Tunneling Protocol service when an unauthenticated attacker connects to the target system and sends specially crafted requests.
This bug could allow an attacker to gain code execution on an affected system by sending specially crafted packets to a system utilizing the HTTP Protocol Stack (http.sys) to process packets. No user interaction, no privileges required, and an elevated service add up to a wormable bug. And while this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug. Test and deploy this patch quickly.
This is a remote code execution vulnerability that impacts some versions of Windows 10 32-bit and 64-bit, Windows 11 64-bit, and Windows Server 2019, 2022. The HTTP Protocol Stack enables Windows and applications to communicate with other devices. If exploited, this vulnerability could enable an unauthenticated attacker to send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets and ultimately, execute arbitrary code, and take control of the affected system.
This is a remote code execution vulnerability that impacts some versions of Windows 10 32-bit and 64-bit, Windows 11 64-bit, and Windows Server 2019, 2022. The HTTP Protocol Stack enables Windows and applications to communicate with other devices. If exploited, this vulnerability could enable an unauthenticated attacker to send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets and ultimately, execute arbitrary code, and take control of the affected system.
This module leverages on a race condition in the Windows kernel using symbolic links to crash the system.
This update adds the CVE number
This update adds the CVE number
This module leverages on a race condition in the Windows kernel using symbolic links to crash the system.
This module exploits MODAPI.sys in MSI Dragon Center 2.0.104.0 which allows low-privileged users to write an arbitrary value to a Model-Specific Register (MSR) at the specified address.
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could cause a BlueScreen and reboot.
HTTP.sys has a use-after-free vulnerability that allows a remote attacker to crash the vulnerable machine.