Windows 10: When will CVE-2024-7264 be remediated?

Discus and support When will CVE-2024-7264 be remediated? in Windows 10 Software and Apps to solve the problem; This is affecting Windows 2019 server and no fix has been put out for months. What is the timeline on this?libcurl's ASN1 parser code has the... Discussion in 'Windows 10 Software and Apps' started by Shaq Benjamin, Apr 23, 2025 at 11:52 AM.

  1. SHAQ BENJAMIN
    Shaq Benjamin Win User

    When will CVE-2024-7264 be remediated?


    This is affecting Windows 2019 server and no fix has been put out for months. What is the timeline on this?libcurl's ASN1 parser code has the `GTime2str` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen` getting performed on a pointer to a heap buffer area that is not purposely null terminated.This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO]https://curl.se/

    :)
     
    Shaq Benjamin, Apr 23, 2025 at 11:52 AM
    #1
  2. QUINTINMORGAN
    QuintinMorgan Win User

    Microsoft June 2024 Security Updates

    Is there any information on whether Microsoft will publish the following CVEs to the Security Update guide?

    CVE-2024-5830

    CVE-2024-5831

    CVE-2024-5832

    CVE-2024-5833

    CVE-2024-5834

    CVE-2024-5835

    CVE-2024-5836

    CVE-2024-5837

    CVE-2024-5838

    CVE-2024-5839

    CVE-2024-5840

    CVE-2024-5841

    CVE-2024-5842

    CVE-2024-5843

    CVE-2024-5844

    CVE-2024-5845

    CVE-2024-5846

    CVE-2024-5847
     
    QuintinMorgan, Apr 23, 2025 at 11:59 AM
    #2
  3. GERALD PERREIRA
    Gerald Perreira Win User
    security updates will not download cve-2024-30078

    windows update security will not download update CVE-2024-30078 and logofail update
     
    Gerald Perreira, Apr 23, 2025 at 11:59 AM
    #3
  4. NICK ADSL UK
    NICK ADSL UK Win User

    When will CVE-2024-7264 be remediated?

    Microsoft January 2024 Security Updates

    January 2024 Security Updates

    This release consists of the following 48 Microsoft CVEs:

    Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

    SQL Server CVE-2024-0056

    .NET and Visual Studio CVE-2024-0057

    Windows Scripting CVE-2024-20652

    Windows Common Log File System Driver CVE-2024-20653

    Windows ODBC Driver CVE-2024-20654

    Windows Online Certificate Status Protocol (OCSP) SnapIn CVE-2024-20655

    Visual Studio CVE-2024-20656

    Windows Group Policy CVE-2024-20657

    Microsoft Virtual Hard Drive CVE-2024-20658

    Windows Message Queuing CVE-2024-20660

    Windows Message Queuing CVE-2024-20661

    Windows Online Certificate Status Protocol (OCSP) SnapIn CVE-2024-20662

    Windows Message Queuing CVE-2024-20663

    Windows Message Queuing CVE-2024-20664

    Windows BitLocker CVE-2024-20666

    .NET Core & Visual Studio CVE-2024-20672

    Windows Authentication Methods CVE-2024-20674

    Azure Storage Mover CVE-2024-20676

    Microsoft Office CVE-2024-20677

    Windows Message Queuing CVE-2024-20680

    Windows Subsystem for Linux CVE-2024-20681

    Windows Cryptographic Services CVE-2024-20682

    Windows Win32K CVE-2024-20683

    Windows Win32 Kernel Subsystem CVE-2024-20686

    Windows AllJoyn API CVE-2024-20687

    Windows Nearby Sharing CVE-2024-20690

    Windows Themes CVE-2024-20691

    Windows Local Security Authority Subsystem Service (LSASS) CVE-2024-20692

    Windows Collaborative Translation Framework CVE-2024-20694

    Windows Libarchive CVE-2024-20696

    Windows Libarchive CVE-2024-20697

    Windows Kernel CVE-2024-20698

    Windows Hyper-V CVE-2024-20699

    Windows Hyper-V CVE-2024-20700

    Unified Extensible Firmware Interface CVE-2024-21305

    Microsoft Bluetooth Driver CVE-2024-21306

    Remote Desktop Client CVE-2024-21307

    Windows Kernel-Mode Drivers CVE-2024-21309

    Windows Cloud Files Mini Filter Driver CVE-2024-21310

    Windows Cryptographic Services CVE-2024-21311

    .NET Framework CVE-2024-21312

    Windows TCP/IP CVE-2024-21313

    Windows Message Queuing CVE-2024-21314

    Windows Server Key Distribution Service CVE-2024-21316

    Microsoft Office SharePoint CVE-2024-21318

    Microsoft Identity Services CVE-2024-21319

    Windows Themes CVE-2024-21320

    Microsoft Devices CVE-2024-21325

    We are republishing 5 non-Microsoft CVEs:

    CNA Tag CVE FAQs? Workarounds? Mitigations?

    MITRE Corporation SQLite CVE-2022-35737

    Chrome Microsoft Edge (Chromium-based) CVE-2024-0222

    Chrome Microsoft Edge (Chromium-based) CVE-2024-0223

    Chrome Microsoft Edge (Chromium-based) CVE-2024-0224

    Chrome Microsoft Edge (Chromium-based) CVE-2024-0225

    Security Update Guide Blog Posts

    Date Blog Post

    January 11, 2022 Coming Soon: New Security Update Guide Notification System

    February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

    January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

    December 8, 2020 Security Update Guide: Let’s keep the conversation going

    November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

    Relevant Resources

    • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
    Known Issues

    You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

    For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To

    nstalls KB Article Title

    5034121 Windows 11, version 21H2

    5034122 Windows 10, version 21H2, Windows 10, version 22H2

    5034123 Windows 11, version 22H2, Windows 11, version 23H2

    5034127 Windows 10, version 1809, Windows Server 2019

    5034167 Windows Server 2008 R2 (Security-only update)

    5034169 Windows Server 2008 R2 (Monthly Rollup)

    5034173 Windows Server 2008 (Monthly Rollup)

    5034176 Windows Server 2008 (Security-only update)

    Released: Jan 9, 2024

    January 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
     
    NICK ADSL UK, Apr 23, 2025 at 11:59 AM
    #4
Thema:

When will CVE-2024-7264 be remediated?

Loading...

  1. When will CVE-2024-7264 be remediated? - Similar Threads - CVE 2024 7264

  2. When will CVE-2024-7264 be remediated?

    in Windows 10 Gaming
    When will CVE-2024-7264 be remediated?: This is affecting Windows 2019 server and no fix has been put out for months. What is the timeline on this?libcurl's ASN1 parser code has the `GTime2str` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might...

  3. CVE-2024-38063 patch for Windows 11 23H2

    in Windows 10 Software and Apps
    CVE-2024-38063 patch for Windows 11 23H2: I have Windows 11 23H2 and it says OS is up to date but this particular KB5041585 patch was not on the add/remove update list or other KB related to CVE-2024-38063. Do i missing something?...

  4. CVE-2024-38063 patch for Windows 11 23H2

    in Windows 10 Gaming
    CVE-2024-38063 patch for Windows 11 23H2: I have Windows 11 23H2 and it says OS is up to date but this particular KB5041585 patch was not on the add/remove update list or other KB related to CVE-2024-38063. Do i missing something?...

  5. Security Update KB5040442 - CVE-2024-38051 - Still Vulnerable

    in Windows 10 Gaming
    Security Update KB5040442 - CVE-2024-38051 - Still Vulnerable: Good day all,Not sure if the community is aware, but even though we are patched with this KB. It is being flagged as vulnerable per below. Is there a fix or any insight as to why it's still being flagged? Thank you.This is being picked up by Crowdstrike...

  6. Security Update KB5040442 - CVE-2024-38051 - Still Vulnerable

    in Windows 10 Software and Apps
    Security Update KB5040442 - CVE-2024-38051 - Still Vulnerable: Good day all,Not sure if the community is aware, but even though we are patched with this KB. It is being flagged as vulnerable per below. Is there a fix or any insight as to why it's still being flagged? Thank you.This is being picked up by Crowdstrike...

  7. security updates will not download cve-2024-30078

    in Windows 10 Software and Apps
    security updates will not download cve-2024-30078: windows update security will not download update CVE-2024-30078 and logofail update https://answers.microsoft.com/en-us/windows/forum/all/security-updates-will-not-download-cve-2024-30078/9dc409d8-c112-40e5-a279-c9cd6cb682f0

  8. security updates will not download cve-2024-30078

    in Windows 10 Gaming
    security updates will not download cve-2024-30078: windows update security will not download update CVE-2024-30078 and logofail update https://answers.microsoft.com/en-us/windows/forum/all/security-updates-will-not-download-cve-2024-30078/9dc409d8-c112-40e5-a279-c9cd6cb682f0

  9. CVE-2020-1425 and CVE-2020-1457

    in Windows 10 News
    CVE-2020-1425 and CVE-2020-1457: Windows Codec Library vulnerabilities. Fixes auto-updated via Microsoft Store, not WU. https://portal.msrc.microsoft.com/en.../CVE-2020-1425 and https://portal.msrc.microsoft.com/en.../CVE-2020-1457 159755

  10. Remediation Incomplete on Win32/CVE-2010-3333.AF -- Now what?

    in AntiVirus, Firewalls and System Security
    Remediation Incomplete on Win32/CVE-2010-3333.AF -- Now what?: A Windows Defender scan found this "Exploit" calling it "Severe." See image below. Then it reads: Status: Failed This threat or app might not be completely remeditated. I've run scans with Microsoft Malicious Software Remover, MS Safety Scan, and House Call, none of...