{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T15:01:30.783","vulnerabilities":[{"cve":{"id":"CVE-2024-21302","sourceIdentifier":"secure@microsoft.com","published":"2024-08-08T02:15:37.827","lastModified":"2025-07-10T17:15:38.117","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Summary:\nAs of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerability.\nAn elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.\nUpdate: July 10, 2025\nMicrosoft has addressed this vulnerability for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in KB5042562: Guidance for blocking rollback of virtualization-based security related updates.\nUpdate: August 13, 2024\nMicrosoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.\nDetails:\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.\nThe vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302"},{"lang":"es","value":"Resumen: Se notificó a Microsoft que existe una vulnerabilidad de elevación de privilegios en sistemas basados en Windows que admiten seguridad basada en virtualización (VBS), incluido un subconjunto de SKUS de máquinas virtuales de Azure; permitir que un atacante con privilegios de administrador reemplace las versiones actuales de los archivos del sistema de Windows con versiones obsoletas. Al explotar esta vulnerabilidad, un atacante podría reintroducir vulnerabilidades previamente mitigadas, eludir algunas características de VBS y filtrar datos protegidos por VBS. Microsoft está desarrollando una actualización de seguridad para mitigar esta amenaza, pero aún no está disponible. En la sección Acciones recomendadas de este CVE se proporciona orientación para ayudar a los clientes a reducir los riesgos asociados con esta vulnerabilidad y proteger sus sistemas hasta que la mitigación esté disponible en una actualización de seguridad de Windows. Este CVE se actualizará cuando la mitigación esté disponible en una actualización de seguridad de Windows. Recomendamos encarecidamente a los clientes que se suscriban a las notificaciones de la Guía de actualización de seguridad para recibir una alerta cuando se produzca esta actualización."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.10240.20710","matchCriteriaId":"2FC29448-7141-4214-9649-CED500988576"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.10240.20710","matchCriteriaId":"E75CE9C1-0E1A-428C-BCD0-93101BACE69B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.7259","matchCriteriaId":"FA0304FD-3109-4A15-A2BC-CB1AA66C7877"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.7259","matchCriteriaId":"02BC3C30-4E56-47F1-950A-FC7D71FFB11C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.6189","matchCriteriaId":"C0893DB0-24BA-41A1-907E-8B6F66741A0E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19044.4780","matchCriteriaId":"8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19045.4780","matchCriteriaId":"3F9C3ED0-C639-42B9-8512-5CAD50B7095B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22000.3147","matchCriteriaId":"66EC161E-9908-4511-933C-727D46A8271E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22621.4037","matchCriteriaId":"EE5B452D-B921-4E5F-9C79-360447CD3BF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22631.4037","matchCriteriaId":"B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.1457","matchCriteriaId":"39CF5041-1FEC-420E-9D73-F78CC9C091C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.1457","matchCriteriaId":"836AD97E-1760-48F1-9667-8E0B9F170E15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.7259","matchCriteriaId":"7CA31F69-6718-4968-8B0D-88728179F3CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.6189","matchCriteriaId":"A2267317-26DF-4EB8-A7EA-EA467727DA71"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.2655","matchCriteriaId":"8E3975C0-EA3C-4B85-94BC-43BA94474FCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.25398.1085","matchCriteriaId":"094C36FE-9CCB-4148-AA0F-5727D6933768"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}}]}