AI description
CVE-2024-49039 is a privilege escalation vulnerability found within the Windows Task Scheduler service. This flaw enables a low-privileged user to perform an AppContainer escape, allowing them to execute code at Medium integrity. Upon successful exploitation, an attacker can elevate their privileges, gaining access to system resources that would typically be restricted and executing remote procedure call (RPC) functions. This vulnerability has been actively exploited in the wild, with some reports attributing its exploitation to advanced persistent threat (APT) groups or nation-state actors.
- Description
- Windows Task Scheduler Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Modified
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 6
- Exploitability score
- 2
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
- Exploit added on
- Nov 12, 2024
- Exploit action due
- Dec 3, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-287
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
以下の4脆弱性がランサムウェアに悪用されたことが確認された。米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログが更新。 - Windowsの権限昇格CVE-2024-49039, CVE-2024-30088 - Cy
@__kokumoto
29 Jan 2026
2771 Impressions
6 Retweets
36 Likes
16 Bookmarks
0 Replies
0 Quotes
利用use-after-free漏洞(CVE-2024-9680)和沙箱逃逸/权限提升漏洞(CVE-2024-49039),从低完整性级别(Low Integrity Level)提升至SYSTEM级别。 在同一漏洞仍为零日时,利用相同漏洞通过加密货币新闻网站的水坑攻击(Watering
@Struggle_621
21 Jul 2025
3161 Impressions
0 Retweets
12 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-43451 and CVE-2024-49039
@transilienceai
6 Jun 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Zero-Day Spotlight on CVE-2024-44308, CVE-2024-44309, and CVE-2024-49039 Unidentified Actor Using the Same Exploits. https://t.co/VzoHLeSdzj https://t.co/M1dGF3PyEq
@blackorbird
30 Apr 2025
1345 Impressions
0 Retweets
10 Likes
3 Bookmarks
0 Replies
0 Quotes
A Zero-Day Spotlight on CVE-2024-44308, CVE-2024-44309, and CVE-2024-49039: A look into zero-days discovered by GTIG researchers. Unidentified Actor Using the Same Exploits. https://t.co/VzoHLeSdzj https://t.co/48me7feAzD
@blackorbird
30 Apr 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy April Fool's Day! For anyone looking for in-the-wild samples for CVE-2024-9680 & CVE-2024-49039 fullchain in Firefox, here is one of them(with some missing information): https://t.co/Mt9t0NFWxb
@jq0904
1 Apr 2025
2816 Impressions
5 Retweets
27 Likes
11 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time | 15-02-2025 Source: https://t.co/p7Shx8IIy0 Key details below ↓ 💀Threats: Lockbit, Glupteba, Romcom_rat, 🔓CVEs: CVE-2024-49039 \[[Vulners](https://t.co/EFNC8EcyZn)] - CVSS V3.1:…
@rst_cloud
15 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/JxXsmCb7w8 https://t.co/TxtPcFl50p
@NickBla41002745
13 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49039로 식별된 Windows 작업 스케줄러의 중대한 제로데이 취약성 에 대한 개념 증명(PoC) 익스플로잇이 공개되었습니다 . 야생에서 활발하게 악용되고 있는 이 권한 상승 결함은 전 세계 Windows 사용자에게 상당한 위협을 가하고 있습니다.
@YoonjaeN21
9 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/f42l3yqRbw https://t.co/TjBVukkrIB
@Trej0Jass
8 Dec 2024
175 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/nCSTIcMMoQ https://t.co/s4oP1QICCW
@NickBla41002745
6 Dec 2024
160 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - je5442804/WPTaskScheduler_CVE-2024-49039: WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler
@CyberM4te
6 Dec 2024
157 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-49039: Windows Task Scheduler EoP https://t.co/EGadnpuUwM 2. CVE-2024-44308: Apple Safari JavaScriptCore RCE https://t.co/ixNxb7ZROn 3. CVE-2024-8672: Authenticated Contributor RCE in Widget Options Plugin https://t.co/4Z7DoclzIe
@akaclandestine
5 Dec 2024
1171 Impressions
6 Retweets
13 Likes
11 Bookmarks
0 Replies
0 Quotes
🚨 RomCom Group Exploits Critical Zero-Days!🚨 CVE-2024-9680 (Firefox) CVE-2024-49039 (Windows) #CyberSecurity #ZeroDay #RomComGroup #infosec https://t.co/WtjLbdLV4T
@decrypting_sec
5 Dec 2024
168 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49039: Windows Task Scheduler EoP https://t.co/syDh3T8wKU
@ShaiiikShoaiiib
4 Dec 2024
94 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
#exploit 1. CVE-2024-49039: Windows Task Scheduler EoP https://t.co/bnmDNN2g0C 2. CVE-2024-44308: Apple Safari JavaScriptCore RCE https://t.co/Dtori8bcJ7 3. CVE-2024-8672: Authenticated Contributor RCE in Widget Options Plugin https://t.co/DHCWp89DtD
@ksg93rd
4 Dec 2024
1333 Impressions
10 Retweets
29 Likes
17 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/dKp5G0TR3P https://t.co/lzoDqvH31f
@pcasano
4 Dec 2024
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Files in Word; Sat Receiver DDoS Agent; Veeam Vuln; CVE-2024-49039 PoC; https://t.co/h8cH1CGets https://t.co/yaFgpD8y1C
@sans_isc
4 Dec 2024
1753 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/lxKOiRN55s https://t.co/RphAU50zi2
@IT_Peurico
3 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group https://t.co/XRrouZUz7O
@Dinosn
3 Dec 2024
11190 Impressions
67 Retweets
191 Likes
97 Bookmarks
2 Replies
3 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/iASd6FaQgC https://t.co/pQasmud8Ez
@TechMash365
3 Dec 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windowsタスクスケジューラのゼロデイ脆弱性CVE-2024-49039に対応するPoC(攻撃の概念実証コード)が公開された。CVE-2024-49039は権限昇格の脆弱性。既にサイバー犯罪集団RomComにより悪用されている。 https://t.co/YvsKNA3PUJ
@__kokumoto
3 Dec 2024
1166 Impressions
3 Retweets
16 Likes
8 Bookmarks
1 Reply
0 Quotes
The latest Patch Tuesday update includes a dangerous Windows Task Scheduler vulnerability (CVE-2024-49039) that could give attackers elevated access to your systems. Protect your infrastructure by applying this patch immediately. https://t.co/5H4iv6HVdb
@Shift6Security
2 Dec 2024
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft's November Patch Tuesday addresses 89 vulnerabilities, including 2 zero-days actively exploited. CVE-2024-49039 impacts Task Scheduler. #Microsoft #cybersecurity https://t.co/7L2akYUhqw
@coulter_johnson
1 Dec 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
3/11 Understand the severity of CVE-2024-49039 in @Windows Task Scheduler, leading to privilege escalation. @Microsoft has patched it, but what's the real damage? #WindowsSecurity #CyberDefense ⚠️
@Eth1calHackrZ
30 Nov 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/RDNXmXNeK4 https://t.co/iSot4XacYA
@Art_Capella
29 Nov 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/T7yfIurPol https://t.co/HBPpPCNfJc
@dansantanna
29 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/mDmm3KmWob https://t.co/4T8VA9WxIo
@Trej0Jass
29 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ALERTA CRÍTICA DE CIBERSEGURIDAD 🚨 Detectado ataque del grupo ruso RomCom usando Firefox/Thunderbird: Vulnerabilidad zero-click No requiere interacción Afecta empresas en 🇪🇸 y 🇲🇽 Instala backdoor para espionaje CVE-2024-9680 / CVE-2024-49039 🧵[1/2]
@LeonelM41262107
28 Nov 2024
32 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) | 27-11-2024 Source: https://t.co/B4r38QE6R3 Key details below ↓ https://t.co/jXyrAKrhpS
@rst_cloud
28 Nov 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A research by #ESET has discovered that there have been multiple attacks using the recently reported CVE-2024-9680 and CVE-2024-49039 #vulnerabilities for #Firefox and #Windows https://t.co/dhAZiyvafK
@anemboca
27 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) https://t.co/kOi98IW9Ur #security #feedly
@go_stripe
27 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability has been found within Windows Task Scheduler that enables privilege escalation through improper authentication - get the rundown on CVE-2024-49039 here. 🔗https://t.co/VxDi7U3hq5 #itsecurity #cybersecurity
@TrueFort
27 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Russian hackers exploited Firefox (CVE-2024-9680, CVSS 9.8) & Windows (CVE-2024-49039, CVSS 8.8) zero-days to run malicious code. Discovered Oct 8 by ESET. Patches: Mozilla (24hrs), Microsoft (Nov 12, KB5046612). Update now! 🔒#Cybersecurity Source: https://t.co/wvEK7p3r
@ANlKsaha
27 Nov 2024
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RomCom (Storm-0978) exploited @firefox (CVE-2024-9680) & @Windows (CVE-2024-49039) zero-days. - CVE-2024-9680: RCE in Firefox’s content process, bypassing Tor Browser sandbox. No interaction, low complexity. - CVE-2024-49039: Code execution outside sandbox via Windows task
@cybercitizen7
27 Nov 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction Delve into the details of RomCom's sophisticated cyberattack, exploiting zero-day vulnerabilities in Firefox and Windows. https://t.co/Gy6CLvJMTv
@the_yellow_fall
27 Nov 2024
1053 Impressions
8 Retweets
20 Likes
8 Bookmarks
0 Replies
0 Quotes
Russian RomCom is exploiting twin bugs #Romcom #CVE-2024-9680 #CVE-2024-49039 https://t.co/bLzDJUnt4t
@pravin_karthik
27 Nov 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom sfrutta vulnerabilità zero-day in Firefox e Windows Sicurezza Informatica, CVE-2024-49039, CVE-2024-9680, cybercrime, Mozilla Firefox, romcom, sandbox escape, windows, zero-day https://t.co/t0HyMAHBla https://t.co/AgOwf5PbAu
@matricedigitale
26 Nov 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RCE in Mozilla and Privilege Escalation in MS Windows: New Kill Chain Used in the Wild by Threat Actor. Make sure you patch your OS and web browser now! 💻 🦊 🔥 CVE-2024-9680 (CVSS score: 9.8) Firefox CVE-2024-49039 (CVSS score: 8.8) Windows Research: https://t.co/3xL7RSfWgL h
@it4sec
26 Nov 2024
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
Threat report for CVE-2024-49039 continued.... Detections/Hunting Queries Microsoft Defender Vulnerability Management Microsoft Defender Vulnerability Management surfaces devices vulnerable to the following security issues in the Endpoints exposure tab of this report:… https://t.
@no1RedTeam
25 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
November 2024 Microsoft Patch Tuesday Summary 4 zero-day vulnerabilities addressed: Two of which with CVE-2024-49039 and CVE-2024-43451 exploited in the wild. #PatchNOW #cybersecurity #Windows #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach htt
@haker_teach
23 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-49039
@transilienceai
21 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/KtgRSaHTBo https://t.co/rbZI1xAFug
@NickBla41002745
20 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49039 is getting exploited #inthewild. Find out more at https://t.co/AJsoh7ru2y CVE-2024-4741 is getting exploited #inthewild. Find out more at https://t.co/UGfCxJVbNl CVE-2024-9465 is getting exploited #inthewild. Find out more at https://t.co/qeG2n7ew9k
@inthewildio
19 Nov 2024
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat report for CVE-2024-49039 continued... Microsoft CTI has the following to say: Exploitation Activity Microsoft Threat Intelligence has observed exploitation of this vulnerability in the wild prior to disclosure, including mid-October exploitation activity leading to… ht
@no1RedTeam
19 Nov 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New threat report! This is what Microsoft CTI has to say about CVE-2024-49039 - Windows Task Scheduler A Windows sandbox escape vulnerability exists in the Windows Task Scheduler remote procedure call (RPC) interface. A threat actor must have access to a compromised system to…
@no1RedTeam
18 Nov 2024
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Confirms Zero-Day Exploitation of Task Scheduler Flaw (CVE-2024-49039) - https://t.co/yyioShZw9q
@SecurityWeek
13 Nov 2024
2316 Impressions
10 Retweets
20 Likes
2 Bookmarks
1 Reply
0 Quotes
Microsoft warns of active exploits targeting vulnerabilities in NTLM (CVE-2024-43451) and Task Scheduler (CVE-2024-49039), which could lead to NTLMv2 hash disclosure and privilege escalation. For details, see the November Patch Tuesday update: https://t.co/meHAJePOJX #infosec
@khashayar_nzk
13 Nov 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/mTDIXUJouZ https://t.co/YwIjps6XaW
@secured_cyber
13 Nov 2024
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/SR9Hd87GS5 https://t.co/EZr8fNOq1l
@secured_cyber
13 Nov 2024
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "94D57126-EC8D-4898-A5FE-D7EB6463B634",
"versionEndExcluding": "10.0.10240.20826"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "54AA8A1F-0EAD-406A-A4AF-B86C316D1089",
"versionEndExcluding": "10.0.10240.20826"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "86F8F1B2-C206-4CD6-83C6-C450329CEE10",
"versionEndExcluding": "10.0.14393.7515"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "FCBE6103-075E-4841-836D-4E0D630E99FF",
"versionEndExcluding": "10.0.14393.7515"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "81C732A1-CC0F-4633-B00D-473869E77DB9",
"versionEndExcluding": "10.0.17763.6532"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AF9C20B8-CB5E-46C9-B041-D6A42C26703B",
"versionEndExcluding": "10.0.17763.6532"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "71AD0B79-C3EF-4E13-AB04-D5FAEABA6954",
"versionEndExcluding": "10.0.19044.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "B35413A3-DE3B-4E35-AB48-C6D5D138AC07",
"versionEndExcluding": "10.0.19044.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "D0558F5F-A561-41E9-9242-7F4A5D924479",
"versionEndExcluding": "10.0.19044.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "EA243DE7-EDB1-43DA-AD7E-541843DECB58",
"versionEndExcluding": "10.0.19045.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "5D428E06-FC7C-4151-9582-D66D05D7AFE6",
"versionEndExcluding": "10.0.19045.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "FB49C811-F4D7-46EB-9ED6-50CB3EAAAD90",
"versionEndExcluding": "10.0.19045.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "04BC0915-6F14-4D7A-951F-83CBAB47C3C4",
"versionEndExcluding": "10.0.22621.4460"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "8A16CFCB-D002-4F63-B568-9D14ACE88E94",
"versionEndExcluding": "10.0.22621.4460"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "B8FE14E5-7226-43CA-A57E-A81636185AD4",
"versionEndExcluding": "10.0.22631.4460"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "97507261-3969-4EBF-BCED-93FBADCBB6DC",
"versionEndExcluding": "10.0.22631.4460"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "D32C04CA-E5BE-47CA-AF79-B39859288531",
"versionEndExcluding": "10.0.26100.2314"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "40A6B92E-21C6-4BDD-BA57-DC227FF0F998",
"versionEndExcluding": "10.0.26100.2314"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82E3AC46-9D0D-4381-93EE-FE87C212040A",
"versionEndExcluding": "10.0.14393.7515"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A43E1F6C-B2A7-4DEC-B4EC-04153746C42B",
"versionEndExcluding": "10.0.17763.6532"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38D9CE84-B85F-42B0-959D-A390427A1641",
"versionEndExcluding": "10.0.20348.2849"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A549BD98-3DE2-4EF3-A579-12AFCB764975",
"versionEndExcluding": "10.0.25398.1251"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F17FD7F-254D-4EE6-9D22-468E76D9B054",
"versionEndExcluding": "10.0.26100.2314"
}
],
"operator": "OR"
}
]
}
]