Windows Themes Spoofing Vulnerability: A Growing Concern

CVE-2024-38030

6.5MEDIUM

Key Information

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 9 July 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

Windows Themes Spoofing Vulnerability

Affected Version(s)

Windows 10 Version 1809 < 10.0.17763.6054

Windows Server 2019 < 10.0.17763.6054

Windows Server 2019 (Server Core installation) < 10.0.17763.6054

News Articles

CVE-2024-38030CVE-2024-21320

Windows Themes 0-day opens door to NTLM credential theft

There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials. That's the bad news. The good news: Acros Security's 0patch has developed a free...

3 weeks ago

CyberSecurityNews

CVE-2024-38030

New Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials

New identical Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials vulnerability that might allow attackers to obtain NTLM credentials of compromised systems while fixing CVE-2024-38030, a medium-severity Windows Themes spoofing issue.

4 weeks ago

CVE-2024-38030CVE-2024-21320

Recurring Windows Flaw Could Expose User Credentials

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.

4 weeks ago

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Oct 29, 2024
First article discovered by Help Net Security
Oct 29, 2024
Vulnerability published.
Jul 9, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed5 News Article(s)