Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-38106
7HIGH

Key Information

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
13 August 2024

Badges

đź‘ľ Exploit Existsđź“° News Worthy

Summary

Multiple Microsoft vulnerabilities pose a critical risk to Windows and related software, with at least six zero-day flaws being actively exploited by attackers. These vulnerabilities allow for local privilege escalation and remote code execution, with potential impacts on system security and user data. The flaws affect various Windows components, including the kernel, Edge browser, and the Windows scripting engine. Additionally, several of the vulnerabilities can be chained together to amplify their impact. Ensuring timely patching and maintaining security vigilance is crucial in mitigating the risk posed by these vulnerabilities.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38106 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1809 < 10.0.17763.6189

Windows Server 2019 < 10.0.17763.6189

Windows Server 2019 (Server Core installation) < 10.0.17763.6189

News Articles

favicon imageThe Hacker News

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

North Korean hackers exploited a Google Chrome zero-day flaw to deliver the FudModule rootkit, targeting cryptocurrency platforms.

3 weeks ago

favicon imageKrebs on Security

Six 0-Days Lead Microsoft’s August 2024 Patch Push

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.

1 month ago

favicon image

Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update

Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet.

1 month ago

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź‘ľ

    Exploit exists.

  • First article discovered by null

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed3 News Article(s)
.