Main Vulnerability Database SB20240312355

SB20240312355 - Code execution in Microsoft Windows USB Attached SCSI (UAS) Protocol

Published: March 12, 2024

Security Bulletin ID SB20240312355

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2024-21430)

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the Windows USB Attached SCSI (UAS) Protocol. An attacker with physical access can execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21430