Hyper-V Elevation of Privilege Vulnerability

CVE-2024-38080
7.8HIGH

Key Information

Vendor
Microsoft
Status
Windows Server 2022
Windows 11 Version 21h2
Windows 11 Version 22h2
Windows 11 Version 22h3
Vendor
CVE Published:
9 July 2024

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The Microsoft July update included patches for a total of 143 security flaws, with two actively exploited vulnerabilities. One of these is the CVE-2024-38080, a Windows Hyper-V Elevation of Privilege Vulnerability which enables a local, authenticated attacker to elevate privileges to SYSTEM level following an initial compromise of a targeted system. The second is CVE-2024-38112, a Windows MSHTML Platform Spoofing Vulnerability that can be leveraged by threat actors using specially-crafted Windows Internet Shortcut files to redirect victims to a malicious URL. According to the research, this marks the first active exploitation of one of 44 Hyper-V flaws since 2022. Other publicly known vulnerabilities listed include side-channel attack, remote code execution flaws, and spoofing vulnerability in the RADIUS protocol. The article also noted the release of security updates from a range of other vendors, indicating the widespread nature of cybersecurity risks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38080 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows Server 2022 < 10.0.20348.2582

Windows 11 version 21H2 < 10.0.22000.3079

Windows 11 version 22H2 < 10.0.22621.3880

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-38080
Created by pwndorei

News Articles

favicon imageThe Cyber Express

Zero-Day Flaws Added To Known Exploited Vulnerabilities Catalog

CISA added two zero-days flaws, CVE-2024-38080 and CVE-2024-38112 to the Known Exploited Vulnerabilities Catalog.

2 months ago

favicon imageThe Hacker News

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

Microsoft's July update patches 143 security flaws, including five critical and two actively exploited vulnerabilities.

2 months ago

favicon imageSecurity Affairs

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws, including two actively exploited zero-days.

2 months ago

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • First article discovered by Help Net Security

  • Vulnerability published.

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed1 Proof of Concept(s)5 News Article(s)
.