Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38106

7HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 13 August 2024

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

Multiple Microsoft vulnerabilities pose a critical risk to Windows and related software, with at least six zero-day flaws being actively exploited by attackers. These vulnerabilities allow for local privilege escalation and remote code execution, with potential impacts on system security and user data. The flaws affect various Windows components, including the kernel, Edge browser, and the Windows scripting engine. Additionally, several of the vulnerabilities can be chained together to amplify their impact. Ensuring timely patching and maintaining security vigilance is crucial in mitigating the risk posed by these vulnerabilities.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20751

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7259

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6189

News Articles

The Hacker News

CVE-2024-7971 CVE-2024-38106

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

North Korean hackers exploited a Google Chrome zero-day flaw to deliver the FudModule rootkit, targeting cryptocurrency platforms.

4 months ago

Krebs on Security

CVE-2024-38106

Six 0-Days Lead Microsoft’s August 2024 Patch Push

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.

5 months ago

CVE-2024-38202 CVE-2024-38106

Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update

Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet.

5 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 13, 2024
🦅
CISA Reported
Aug 13, 2024
📰
First article discovered
Aug 13, 2024
Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed3 News Article(s)