Uncontrolled Resource Consumption (CWE-400)
A vulnerability in the Windows Line Printer Daemon Service could allow an attacker to cause a denial of service condition. This is classified as an Uncontrolled Resource Consumption vulnerability (CWE-400). The attack vector is adjacent network, requiring no user interaction and no privileges, with low attack complexity.
An attacker exploiting this vulnerability could cause a denial of service, disrupting the availability of the affected Windows system. This could potentially lead to service interruptions and system unavailability, impacting business operations and productivity. The CVSS base score of 6.5 indicates a medium severity level, with high impact on availability but no impact on confidentiality or integrity.
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
A patch is available. Microsoft has released updates to address this vulnerability across multiple affected Windows versions.
1. Apply the latest security updates provided by Microsoft for the affected Windows versions. 2. Prioritize patching based on the criticality of the systems and their exposure to adjacent network attacks. 3. For Windows Server 2016, update to a version newer than 10.0.14393.7159. 4. For Windows 10 22H2, update to a version newer than 10.0.19045.4651. 5. For Windows 10 21H2, update to a version newer than 10.0.19044.4651. 6. For Windows Server 2022 23H2, update to a version newer than 10.0.25398.1009. 7. For Windows 11 23H2, update to a version newer than 10.0.22631.3880. 8. For Windows 11 22H2, update to a version newer than 10.0.22621.3880. 9. For Windows 11 21H2, update to a version newer than 10.0.22000.3079. 10. For Windows Server 2019, update to a version newer than 10.0.17763.6054. 11. For Windows 10 1507, update to a version newer than 10.0.10240.20710. 12. For Windows 10 1607, update to a version newer than 10.0.14393.7159. 13. For Windows 10 1809, update to a version newer than 10.0.17763.6054. 14. For Windows Server 2022, update to a version newer than 10.0.20348.2582. 15. If immediate patching is not possible, consider implementing network segmentation to limit adjacent network access to vulnerable systems.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Detection for the vulnerability has been added to Qualys (92149)
A CVSS base score of 6.5 has been assigned.
NVD published the first details for CVE-2024-38027
Feedly found the first article mentioning CVE-2024-38027. See article
Feedly estimated the CVSS score as MEDIUM
EPSS Score was set to: 0.04% (Percentile: 13%)