KLA65124 Multiple vulnerabilities in Microsoft System Center

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Open Management Infrastructure (OMI) can be exploited remotely to execute arbitrary code.
2. An elevation of privilege vulnerability in Open Management Infrastructure (OMI) can be exploited remotely to gain privileges.
3. A security feature bypass vulnerability in Microsoft Defender can be exploited remotely to bypass security restrictions.

Original advisories

CVE-2024-21334

CVE-2024-21330

CVE-2024-20671

Exploitation

Public exploits exist for this vulnerability.

Related products

Microsoft-Windows

Microsoft-System-Center-Operations-Manager

Windows-Defender

CVE list

CVE-2024-21334 critical

CVE-2024-21330 critical

CVE-2024-20671 high

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Windows Defender Antimalware PlatformSystem Center Operations Manager (SCOM) 2019System Center Operations Manager (SCOM) 2022