| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Microsoft Defender | Critical | 23-04-2024 |
Technical Information
An authenticated attacker with necessary permissions to initiate the update process may send a malicious tar update package to the Defender for IoT over the network and after the extraction is complete, attacker may send unsigned update packages and overwrite any file they chose.
Patch release date: Apr 09, 2024
Further information on this vulnerability is available at : CVE-2024-21322
All the mentioned vulnerabilities are reported in Microsoft Defender and may have a similar impact.
CVE-2024-21323:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21323
CVE-2024-29053:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-29053