Skip to main content

Hitachi
Contact UsContact Us

July 5, 2024
Hitachi, Ltd.

Hitachi Disk Array Systems have the following vulnerability.

Security Information ID

hitachi-sec-2024-304

Vulnerability description

CVE-2022-0001
Branch History Injection
CVE-2024-20665
BitLocker Security Feature Bypass Vulnerability
CVE-2024-20669
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-20678
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2024-20693
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21409
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2024-21447
Windows Authentication Elevation of Privilege Vulnerability
CVE-2024-23593
Zero Out Boot Manager and drop to UEFI Shell
CVE-2024-23594
Stack Buffer Overflow in Lenovo system recovery boot manager
CVE-2024-26158
Microsoft Install Service Elevation of Privilege Vulnerability
CVE-2024-26168
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26171
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26172
Windows DWM Core Library Information Disclosure Vulnerability
CVE-2024-26175
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26179
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-26180
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26183
Windows Kerberos Denial of Service Vulnerability
CVE-2024-26189
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26194
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26200
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-26205
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-26207
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-26208
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2024-26209
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2024-26210
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26211
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2024-26214
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26217
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-26218
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26219
HTTP.sys Denial of Service Vulnerability
CVE-2024-26220
Windows Mobile Hotspot Information Disclosure Vulnerability
CVE-2024-26228
Windows Cryptographic Services Security Feature Bypass Vulnerability
CVE-2024-26229
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2024-26230
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-26232
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2024-26234
Proxy Driver Spoofing Vulnerability
CVE-2024-26237
Windows Defender Credential Guard Elevation of Privilege Vulnerability
CVE-2024-26239
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-26240
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26241
Win32k Elevation of Privilege Vulnerability
CVE-2024-26242
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-26243
Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-26244
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26245
Windows SMB Elevation of Privilege Vulnerability
CVE-2024-26248
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2024-26250
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26252
Windows rndismp6.sys Remote Code Execution Vulnerability
CVE-2024-26253
Windows rndismp6.sys Remote Code Execution Vulnerability
CVE-2024-26254
Microsoft Virtual Machine Bus (VM Bus) Denial of Service Vulnerability
CVE-2024-26255
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-28896
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28897
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28898
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28900
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-28901
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-28902
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-28903
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28919
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28920
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28921
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28922
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28923
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28924
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28925
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-29050
Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2024-29052
Windows Storage Elevation of Privilege Vulnerability
CVE-2024-29061
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-29062
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-29064
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability

Affected products

The following table shows the affected products.

Product
Name
Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H
Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H
Vulnerability
ID

[Windows 10 for x64-based Systems (Version1809)]

CVE-2022-0001, CVE-2024-20665, CVE-2024-20669, CVE-2024-20678,
CVE-2024-20693, CVE-2024-21409, CVE-2024-23593, CVE-2024-23594,
CVE-2024-26158, CVE-2024-26168, CVE-2024-26171, CVE-2024-26172,
CVE-2024-26175, CVE-2024-26179, CVE-2024-26180, CVE-2024-26183,
CVE-2024-26189, CVE-2024-26194, CVE-2024-26200, CVE-2024-26205,
CVE-2024-26207, CVE-2024-26208, CVE-2024-26209, CVE-2024-26210,
CVE-2024-26211, CVE-2024-26214, CVE-2024-26217, CVE-2024-26218,
CVE-2024-26219, CVE-2024-26220, CVE-2024-26228, CVE-2024-26229,
CVE-2024-26230, CVE-2024-26232, CVE-2024-26234, CVE-2024-26237,
CVE-2024-26239, CVE-2024-26240, CVE-2024-26241, CVE-2024-26242,
CVE-2024-26244, CVE-2024-26248, CVE-2024-26250, CVE-2024-26252,
CVE-2024-26253, CVE-2024-26254, CVE-2024-26255, CVE-2024-28896,
CVE-2024-28897, CVE-2024-28898, CVE-2024-28900, CVE-2024-28901,
CVE-2024-28902, CVE-2024-28903, CVE-2024-28919, CVE-2024-28920,
CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924,
CVE-2024-28925, CVE-2024-29050, CVE-2024-29061, CVE-2024-29062,
CVE-2024-29064, CVE-2024-29988

[Windows 10 for x64-based Systems (Version21H2)]

CVE-2022-0001, CVE-2024-20665, CVE-2024-20669, CVE-2024-20678,
CVE-2024-20693, CVE-2024-21409, CVE-2024-21447, CVE-2024-23593,
CVE-2024-23594, CVE-2024-26158, CVE-2024-26168, CVE-2024-26171,
CVE-2024-26172, CVE-2024-26175, CVE-2024-26179, CVE-2024-26180,
CVE-2024-26183, CVE-2024-26189, CVE-2024-26194, CVE-2024-26200,
CVE-2024-26205, CVE-2024-26207, CVE-2024-26208, CVE-2024-26209,
CVE-2024-26210, CVE-2024-26211, CVE-2024-26214, CVE-2024-26217,
CVE-2024-26218, CVE-2024-26219, CVE-2024-26220, CVE-2024-26228,
CVE-2024-26229, CVE-2024-26230, CVE-2024-26232, CVE-2024-26234,
CVE-2024-26237, CVE-2024-26239, CVE-2024-26240, CVE-2024-26241,
CVE-2024-26242, CVE-2024-26243, CVE-2024-26244, CVE-2024-26248,
CVE-2024-26250, CVE-2024-26252, CVE-2024-26253, CVE-2024-26254,
CVE-2024-26255, CVE-2024-28896, CVE-2024-28897, CVE-2024-28898,
CVE-2024-28900, CVE-2024-28901, CVE-2024-28902, CVE-2024-28903,
CVE-2024-28919, CVE-2024-28920, CVE-2024-28921, CVE-2024-28922,
CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29050,
CVE-2024-29052, CVE-2024-29061, CVE-2024-29062, CVE-2024-29064,
CVE-2024-29988
Product
Name
Hitachi Virtual Storage Platform G1000, G1500
Hitachi Virtual Storage Platform F1500
Hitachi Virtual Storage Platform VX7
Vulnerability
ID
CVE-2022-0001, CVE-2024-20665, CVE-2024-20669, CVE-2024-20678,
CVE-2024-20693, CVE-2024-26158, CVE-2024-26168, CVE-2024-26171,
CVE-2024-26175, CVE-2024-26179, CVE-2024-26180, CVE-2024-26183,
CVE-2024-26189, CVE-2024-26194, CVE-2024-26200, CVE-2024-26205,
CVE-2024-26207, CVE-2024-26208, CVE-2024-26209, CVE-2024-26210,
CVE-2024-26211, CVE-2024-26214, CVE-2024-26217, CVE-2024-26220,
CVE-2024-26228, CVE-2024-26229, CVE-2024-26230, CVE-2024-26232,
CVE-2024-26234, CVE-2024-26239, CVE-2024-26240, CVE-2024-26241,
CVE-2024-26242, CVE-2024-26244, CVE-2024-26245, CVE-2024-26248,
CVE-2024-26250, CVE-2024-26252, CVE-2024-26253, CVE-2024-28896,
CVE-2024-28897, CVE-2024-28898, CVE-2024-28900, CVE-2024-28901,
CVE-2024-28902, CVE-2024-28903, CVE-2024-28919, CVE-2024-28921,
CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925,
CVE-2024-29050, CVE-2024-29061, CVE-2024-29062, CVE-2024-29064

The following products are not affected by the vulnerabilities:

  • Hitachi Virtual Storage Platform E590, E790, E990, E1090, E590H, E790H, E1090H
  • Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
  • Hitachi Virtual Storage Platform F350, F370, F700, F900
  • Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
  • Hitachi Virtual Storage Platform F400, F600, F800
  • Hitachi Virtual Storage Platform N400, N600, N800
  • Hitachi Universal Storage Platform V
  • Hitachi Universal Storage Platform VM
  • Hitachi Unified Storage VM
  • Hitachi Unified Storage 100
  • Hitachi Adaptable Modular Storage
  • Hitachi Workgroup Modular Storage
  • Hitachi Simple Modular Storage
  • Hitachi Virtual Storage Platform
  • Hitachi Virtual Storage Platform VP9500

Action to be taken

Software update.
Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

Revision history

  • July 5, 2024: This security information page is published.
  • Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.
  • The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.
  • The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.
  • The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.