Microsoft Windows: CVE-2024-23594: Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager
6
(AV:L/AC:M/Au:M/C:C/I:C/A:C)
04/09/2024
04/10/2024
04/09/2024
08/13/2024
Description
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.
Solution(s)
- microsoft-windows-windows_10-1809-kb5036896
- microsoft-windows-windows_10-21h2-kb5036892
- microsoft-windows-windows_10-22h2-kb5036892
- microsoft-windows-windows_11-21h2-kb5036894
- microsoft-windows-windows_11-22h2-kb5036893
- microsoft-windows-windows_11-23h2-kb5036893
- microsoft-windows-windows_server_2019-1809-kb5036896
- microsoft-windows-windows_server_2022-21h2-kb5036909
- microsoft-windows-windows_server_2022-22h2-kb5036909
- microsoft-windows-windows_server_2022-23h2-kb5036910
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center