Potential Elevation of Privilege Vulnerability in Windows Backup

CVE-2024-38202
7.3HIGH

Key Information

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
8 August 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The first article outlines a potential elevation of privilege vulnerability in Windows Backup, which could allow an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or bypass some features of Virtualization Based Security (VBS). Exploitation requires interaction by a privileged user, and Microsoft is currently working on a security update to mitigate the threat. There are no known attempts to exploit this vulnerability, but a public presentation of the vulnerability was hosted at BlackHat, and attendees are encouraged to follow Recommended Actions to protect their systems. The second article reveals that SafeBreach security researcher Alon Leviev discovered two zero-day vulnerabilities in Windows Update, which could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, 11, and Server systems and reintroduce old vulnerabilities. These vulnerabilities have not yet received a security update from Microsoft, even though six months have passed since they were reported. The exploitation of these zero-day vulnerabilities could expose systems to thousands of past vulnerabilities and make the term "fully patched" meaningless on any Windows machine. There are observed attempts to exploit these vulnerabilities, making it crucial for users to upgrade to the fixed version as soon as it becomes available.

Affected Version(s)

Windows 10 Version 1809 =

Windows Server 2019 =

Windows Server 2019 (Server Core installation) =

News Articles

favicon imageBleepingComputer

Windows Downdate tool lets you 'unpatch' Windows systems

SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems.

3 weeks ago

favicon imageeSecurity Planet

Vulnerability Recap 8/19/24: Microsoft, Ivanti, SolarWinds

Microsoft appears on our list multiple times this week, with notable Patch Tuesday CVEs and an Entra ID vulnerability that affects hybrid clouds.

1 month ago

favicon image

Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update

Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet.

1 month ago

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • Vulnerability published.

  • First article discovered by BleepingComputer

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed8 News Article(s)
.