Elevation of Privilege Vulnerability Affects Windows Sockets
CVE-2024-38193

7.8 HIGH

Key Information:

Vendor: Microsoft
Status (affected products):
  • Windows 11 Version 24H2
  • Windows 10 Version 1809
  • Windows Server 2019
  • Windows Server 2019 (Server Core Installation)
CVE Published: 13 August 2024

Badges

📈 Trended · 📈 Score: 5,230 · 💰 Ransomware · 👾 Exploit Exists · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2024-38193?

CVE-2024-38193 is a security vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys), the kernel driver that backs Windows Sockets. The flaw allows elevation of privilege: a local attacker who already has low-privileged access can use it to gain heightened access to system resources and perform actions that their account is not authorized for. If exploited, the vulnerability can severely compromise an organization's security posture, since it lets an attacker execute commands or access sensitive information with elevated privileges, undermining the integrity of the system and the safety of its data.

Technical Details

The vulnerability stems from improper memory handling within the Windows Ancillary Function Driver for WinSock, which underpins network communication in Windows environments. It is exploitable by a local attacker who already has user-level access to the system; once triggered, it allows that attacker to escalate privileges and from there control system processes, alter configurations, or deploy malicious code in ways that ordinary user-level monitoring may not detect.

Impact of the Vulnerability

  1. Unauthorized System Access: The primary risk is that attackers can gain unauthorized access to critical system functions and data, enabling them to compromise sensitive information or disrupt normal operations.

  2. Data Integrity Threats: Exploitation of this vulnerability can lead to unauthorized changes in system settings or data theft, posing significant risks to data integrity and confidentiality.

  3. Increased Attack Surface: The elevation of privileges could provide attackers with the capability to launch further attacks within the organization, facilitating additional breaches or the insertion of malware, which could spread throughout the network.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known to CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Builds in the listed range are affected; the upper bound is the first fixed build.

  • Windows 10 Version 1507 (32-bit Systems): 10.0.10240.0 up to, but not including, 10.0.10240.20751

  • Windows 10 Version 1607 (32-bit Systems): 10.0.14393.0 up to, but not including, 10.0.14393.7259

  • Windows 10 Version 1809 (32-bit Systems): 10.0.17763.0 up to, but not including, 10.0.17763.6189

News Articles

Hackers Can Exploit Windows Driver Use-After-Free Vulnerability (CVE-2024-38193) to Gain Systems Privileges

A critical use-after-free vulnerability called CVE-2024-38193 is found in the Windows driver afd.sys. It affects the Registered I/O (RIO) extension.

1 month ago

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) - Help Net Security

CVE-2024-38193 has been leveraged by North Korean hackers to install a rootkit on targets' computers, researchers have revealed.

5 months ago

Windows 0-day was exploited by North Korea to install advanced rootkit

FudModule rootkit burrows deep into Windows, where it can bypass key security defenses.

5 months ago

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 📰 First article discovered by SecurityWeek

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database · Mitre Database · CISA Database · Microsoft Feed · 6 News Article(s)