The remote Windows host is missing security update 5048661. It is, therefore, affected by multiple vulnerabilities

  - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2024-49074)

  - Input Method Editor (IME) Remote Code Execution Vulnerability (CVE-2024-49079)

  - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-49090)

  - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2024-49112)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5048661: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2024)

critical Nessus Plugin ID 212239

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.4 Dec 13, 2024, 12:03 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202412131203
Version 1.3 Dec 12, 2024, 9:55 AM CVSSv2 score source (changed from "CVE-2024-49112" to "CVE-2024-49125") CVSSv3 score source (set to "CVE-2024-49112") Plugin Feed: 202412120955
Version 1.2 Dec 11, 2024, 4:10 AM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202412110410
Version 1.1 Dec 10, 2024, 11:23 PM New Plugin Feed: 202412102323