Use After Free (CWE-416)
Win32k Elevation of Privilege Vulnerability. This is a local vulnerability with a low attack complexity that requires low privileges and no user interaction. It has high impacts on confidentiality, integrity, and availability. The vulnerability is classified as a Use After Free (CWE-416) issue. It affects multiple versions of Windows, including Windows Server 2022 (23H2 and standard), Windows 11 (23H2, 22H2, and 21H2), and Windows 10 (22H2 and 21H2).
This vulnerability allows an attacker with low privileges to elevate their privileges on a local system. The high impact on confidentiality, integrity, and availability suggests that an attacker could potentially gain significant control over the affected system, access sensitive information, modify critical data, and disrupt system operations. Affected versions include: - Windows Server 2022 (up to version 10.0.20348.2582) - Windows Server 2022 23H2 (up to version 10.0.25398.1009) - Windows 11 23H2 (up to version 10.0.22631.3880) - Windows 11 22H2 (up to version 10.0.22621.3880) - Windows 11 21H2 (up to version 10.0.22000.3079) - Windows 10 22H2 (up to version 10.0.19045.4651) - Windows 10 21H2 (up to version 10.0.19044.4651)
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
A patch is available. Microsoft released an official fix for this vulnerability on July 9, 2024. The security team should prioritize applying this patch to all affected systems, updating to the following versions or later: - Windows Server 2022: 10.0.20348.2582 - Windows Server 2022 23H2: 10.0.25398.1009 - Windows 11 23H2: 10.0.22631.3880 - Windows 11 22H2: 10.0.22621.3880 - Windows 11 21H2: 10.0.22000.3079 - Windows 10 22H2: 10.0.19045.4651 - Windows 10 21H2: 10.0.19044.4651
1. Apply the official patch released by Microsoft as soon as possible to all affected Windows versions. 2. Prioritize patching based on the criticality of the systems and their exposure to potential attackers. Systems with local access by less trusted users should be prioritized. 3. Limit user privileges on systems to minimize the potential impact of successful exploitation. 4. Implement the principle of least privilege across your network. 5. Monitor for suspicious activities that might indicate attempts to exploit this vulnerability, particularly any unexpected privilege escalations. 6. Ensure that only trusted users have local access to sensitive systems. 7. If immediate patching is not possible, consider additional access controls or monitoring for affected systems.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (92149)
NVD published the first details for CVE-2024-38059
Feedly found the first article mentioning CVE-2024-38059. See article
Feedly estimated the CVSS score as MEDIUM
CVE-2024-38059 is a critical EoP vulnerability in Windows Win32k with a CVSSv3 score of 7.8. It is rated as "Exploitation More Likely" by Microsoft, indicating a higher risk of exploitation in the wild. Mitigations, detections, and patches are available from Microsoft to address this vulnerability and prevent potential downstream impacts to other third-party vendors or technologies. See article
EPSS Score was set to: 0.04% (Percentile: 9.2%)
This CVE started to trend in security discussions
This CVE stopped trending in security discussions