Elevation of Privilege Vulnerability Affects Windows Sockets
Key Information
- Vendor: Microsoft
- Affected products:
  - Windows 11 Version 24H2
  - Windows 10 Version 1809
  - Windows Server 2019
  - Windows Server 2019 (Server Core installation)
- CVE Published: 13 August 2024
Summary
CVE-2024-38193 is a critical elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys), with a CVSS score of 7.8. Successful exploitation allows an attacker who already has local code execution to gain SYSTEM privileges. It has been actively exploited by the North Korea-linked Lazarus APT group, which highlights its impact on targeted systems. Microsoft released security updates in August 2024 to address the vulnerability and urged users to apply the patches promptly. In addition to CVE-2024-38193, the Lazarus Group exploited another zero-day vulnerability, CVE-2024-21338, to gain kernel-level access and disable security software. This exploitation demonstrates the group's advanced tactics and the consequences of such vulnerabilities being used in the wild. Exploitation can result in unauthorized access to sensitive system areas, potentially leading to significant financial losses and security breaches, particularly in targeted industries such as cryptocurrency engineering and aerospace. Timely patching and supporting security measures are crucial to mitigating the risk of exploitation and protecting against advanced cyber threats.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-38193 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
- Windows 11 Version 24H2: builds earlier than 10.0.26100.1457
- Windows 10 Version 1809: builds earlier than 10.0.17763.6189
- Windows Server 2019: builds earlier than 10.0.17763.6189
News Articles
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) - Help Net Security
CVE-2024-38193 has been leveraged by North Korean hackers to install a rootkit on targets' computers, researchers have revealed.
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses.
Lazarus Hacker Group Exploited Microsoft Windows Zero-day
Microsoft Windows Zero-day vulnerability, cataloged as CVE-2024-38193, was discovered by researchers in early June 2024.
CVSS v3.1 base score: 7.8
Timeline
- Exploit exists.
- Vulnerability started trending.
- First article discovered by SecurityWeek.
- Vulnerability published.
- Vulnerability reserved.