Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38106

7HIGH

Key Information:

Vendor

Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
13 August 2024

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

What is CVE-2024-38106?

Multiple Microsoft vulnerabilities pose a critical risk to Windows and related software, with at least six zero-day flaws being actively exploited by attackers. These vulnerabilities allow for local privilege escalation and remote code execution, with potential impacts on system security and user data. The flaws affect various Windows components, including the kernel, Edge browser, and the Windows scripting engine. Additionally, several of the vulnerabilities can be chained together to amplify their impact. Ensuring timely patching and maintaining security vigilance is crucial in mitigating the risk posed by these vulnerabilities.

CISA has reported CVE-2024-38106

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38106 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20751

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7259

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6189

News Articles

favicon imageCybersecurityNews

PoC Exploit Released for 0-Day Windows Kernel Privilege Escalation Vulnerability

A proof-of-concept (PoC) exploit has been publicly released for a critical zero-day elevation of privilege vulnerability in the Windows kernel.

favicon imageThe Hacker News

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

North Korean hackers exploited a Google Chrome zero-day flaw to deliver the FudModule rootkit, targeting cryptocurrency platforms.

favicon imageKrebs on Security

Six 0-Days Lead Microsoft’s August 2024 Patch Push

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź‘ľ

    Exploit known to exist

  • 🦅

    CISA Reported

  • đź“°

    First article discovered

  • Vulnerability published

  • Vulnerability Reserved

JSON
.