Out-of-bounds Read (CWE-125)
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability. This vulnerability is related to an out-of-bounds read issue (CWE-125) in the Microsoft Windows Performance Data Helper Library. It affects multiple versions of Windows operating systems, including Windows Server and Windows client versions.
This vulnerability allows for remote code execution with high impacts on confidentiality, integrity, and availability. An attacker who successfully exploits this vulnerability could potentially execute arbitrary code with elevated privileges, leading to full system compromise. The attack vector is network-based and requires no user interaction, but does require high privileges to execute.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
Patches are available. Microsoft has released updates to address this vulnerability. The patches were first made available on July 9, 2024.
1. Apply the latest security updates provided by Microsoft for the affected Windows versions.
2. Ensure that only trusted users have high-level access privileges on affected systems.
3. Implement network segmentation and firewall rules to limit exposure of vulnerable systems.
4. Monitor for and investigate any suspicious network activities that could indicate exploitation attempts.
5. Keep all Windows systems updated to the latest versions, which for the affected products are:
   - Windows Server 2022: Version 10.0.20348.2582 or later
   - Windows 11 23H2: Version 10.0.22631.3880 or later
   - Windows 10 1607 and Windows Server 2016: Version 10.0.14393.7159 or later
   - Windows 10 1809 and Windows Server 2019: Version 10.0.17763.6054 or later
   - Windows 10 1507: Version 10.0.10240.20710 or later
   - Windows 10 22H2: Version 10.0.19045.4651 or later
   - Windows 11 22H2: Version 10.0.22621.3880 or later
   - Windows Server 2022 23H2: Version 10.0.25398.1009 or later
   - Windows 11 21H2: Version 10.0.22000.3079 or later
   - Windows 10 21H2: Version 10.0.19044.4651 or later
6. For systems that cannot be immediately updated, consider additional security measures such as application whitelisting and enhanced monitoring.
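A local check of the running build against the minimum patched versions listed above, as an added PowerShell example (not Microsoft's code and not part of the original page). It assumes the standard `CurrentBuild` and `UBR` values under the `Windows NT\CurrentVersion` registry key; the function name `Test-PatchedBuild` and the status strings are hypothetical.

```powershell
# Minimum patched revision (UBR) per build number, copied from the list above.
$MinimumUbr = @{
    10240 = 20710   # Windows 10 1507
    14393 = 7159    # Windows 10 1607 / Windows Server 2016
    17763 = 6054    # Windows 10 1809 / Windows Server 2019
    19044 = 4651    # Windows 10 21H2
    19045 = 4651    # Windows 10 22H2
    20348 = 2582    # Windows Server 2022
    22000 = 3079    # Windows 11 21H2
    22621 = 3880    # Windows 11 22H2
    22631 = 3880    # Windows 11 23H2
    25398 = 1009    # Windows Server 2022 23H2 (as named on this page)
}

function Test-PatchedBuild {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Ubr
    )
    # A build missing from the table is not covered by this page's list;
    # report that explicitly instead of guessing either way.
    if (-not $MinimumUbr.ContainsKey($Build)) { return 'NotListed' }
    if ($Ubr -ge $MinimumUbr[$Build]) { return 'Patched' }
    return 'Vulnerable'
}

# Read the running build (e.g. 19045) and update revision (e.g. 4651).
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$ubr   = [int]$cv.UBR   # a missing UBR value becomes 0 and is reported as Vulnerable

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Version  = "10.0.$build.$ubr"
    Required = if ($MinimumUbr.ContainsKey($build)) { "10.0.$build.$($MinimumUbr[$build])" } else { 'n/a' }
    Status   = Test-PatchedBuild -Build $build -Ubr $ubr
}
```

A `NotListed` result means only that the build does not appear in the list above; confirm its status against Microsoft's advisory.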
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (92149)
A CVSS base score of 7.2 has been assigned.
NVD published the first details for CVE-2024-38028
Feedly found the first article mentioning CVE-2024-38028.
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.05% (Percentile: 19.6%)