Use After Free (CWE-416)
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability. This vulnerability affects Windows systems and allows for remote code execution through the Layer-2 Bridge Network Driver. It has a CVSS base score of 8.8, indicating high severity. The vulnerability requires no user interaction and can be exploited from an adjacent network with low attack complexity. This is a Use After Free (CWE-416) type vulnerability.
If exploited, this vulnerability could allow an attacker to execute arbitrary code on the target system with high impact on confidentiality, integrity, and availability. The attacker could potentially gain full control over the affected Windows system, accessing sensitive information, modifying data, or disrupting system operations. Given the "ADJACENT_NETWORK" attack vector, the attacker would need to be on the same network segment as the target, which somewhat limits the scope of potential attacks but still presents a significant risk in local area networks or other shared network environments.
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
A patch is available. Microsoft has released an official fix for this vulnerability on July 9, 2024. The security team should prioritize applying this patch to affected systems. The patch addresses the vulnerability in the following Windows versions: - Windows Server 2022 23H2 (versions prior to 10.0.25398.1009) - Windows Server 2019 (versions prior to 10.0.17763.6054) - Windows Server 2016 (versions prior to 10.0.14393.7159) - Windows 10 21H2 (versions prior to 10.0.19044.4651) - Windows 10 1607 (versions prior to 10.0.14393.7159) - Windows 11 23H2 (versions prior to 10.0.22631.3880) - Windows Server 2012 and Server 2012 R2 - Windows Server 2022 (versions prior to 10.0.20348.2582) - Windows 10 22H2 (versions prior to 10.0.19045.4651) - Windows 11 22H2 (versions prior to 10.0.22621.3880) - Windows 10 1809 (versions prior to 10.0.17763.6054) - Windows 11 21H2 (versions prior to 10.0.22000.3079) - Windows 10 1507 (versions prior to 10.0.10240.20710)
1. Apply the official patch released by Microsoft as soon as possible to all affected systems. 2. Implement network segmentation to limit the exposure of vulnerable systems to potential adjacent network attacks. 3. Monitor and restrict network access, particularly from untrusted or less secure network segments. 4. Keep all Windows systems and software up to date with the latest security patches. 5. Use intrusion detection and prevention systems to monitor for and block potential exploitation attempts. 6. If patching is not immediately possible, consider temporarily disabling the Windows Layer-2 Bridge Network Driver functionality if it's not critical for operations. 7. Prioritize patching based on the criticality of the systems and their exposure to adjacent network segments. 8. Conduct a thorough inventory of all Windows systems in your environment to ensure no affected systems are overlooked during the patching process.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (92149)
A CVSS base score of 8.8 has been assigned.
NVD published the first details for CVE-2024-38053
Feedly found the first article mentioning CVE-2024-38053. See article
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.05% (Percentile: 21.9%)