FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-38060

Heap-based Buffer Overflow (CWE-122)

Published: Jul 9, 2024

010
CVSS 8.8EPSS 0.05%High
CVE info copied to clipboard

Summary

Windows Imaging Component Remote Code Execution Vulnerability. This vulnerability affects the Windows Imaging Component and allows for remote code execution. The vulnerability has a low attack complexity, requires low privileges, and no user interaction. It is associated with CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). The vulnerability affects multiple versions of Windows, including Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2), Windows 11 (versions 21H2, 22H2, 23H2), Windows Server 2008, 2012, 2016, 2019, 2022, and 2022 23H2.

Impact

This vulnerability could allow an attacker to remotely execute code on the affected system with the same privileges as the vulnerable component. Given the high confidentiality, integrity, and availability impacts, a successful exploit could lead to unauthorized access to sensitive information, modification of system files or data, and potential disruption of system services. The attack vector is network-based, making it potentially accessible to remote attackers.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft has released an official fix for this vulnerability as of July 9, 2024. Security teams should prioritize applying this patch to all affected systems.

Mitigation

1. Apply the official patch released by Microsoft as soon as possible to all affected Windows versions. 2. Implement network segmentation to limit exposure of vulnerable systems. 3. Monitor for suspicious activities related to the Windows Imaging Component. 4. Apply the principle of least privilege to minimize the potential impact if exploited. 5. Keep all Windows systems and components up to date with the latest security updates. 6. If immediate patching is not possible, consider temporarily disabling or restricting access to the Windows Imaging Component until the patch can be applied.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Jul 9, 2024 at 5:05 PM / microsoft
CVE Assignment

NVD published the first details for CVE-2024-38060

Jul 9, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-38060. See article

Jul 9, 2024 at 5:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 9, 2024 at 5:25 PM
Threat Intelligence Report

CVE-2024-38060 is a critical Remote Code Execution vulnerability in the Windows Imaging Component, with a CVSSv3 score of 8.8. While there are no known exploits in the wild, attackers could potentially exploit this flaw by uploading a malicious TIFF file. Microsoft has not released a patch yet, so users are advised to be cautious when handling image files to mitigate the risk of exploitation. See article

Jul 9, 2024 at 7:06 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 19.6%)

Jul 10, 2024 at 10:14 AM
Trending

This CVE started to trend in security discussions

Jul 12, 2024 at 9:32 AM
Trending

This CVE stopped trending in security discussions

Jul 12, 2024 at 10:08 AM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_server_2012
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-92: Forced Integer Overflow
+null more

References

July 2024 Threat Advisory – Top 5
SecurityHQ / 4mo
SecurityHQ has observed a newly discovered critical remote code execution vulnerability (CVE-2024-6387) affecting OpenSSH servers on glibc-based Linux systems. Microsoft has released its Patch Tuesday for July 2024, with security updates for 139 flaws with 59 Remote Code Execution Vulnerabilities.
Microsoft Patch Tuesday Analysis – July 2024
OccamSec / 4mo
Of the updates, a majority of the vulnerabilities are categorized as Remote-Code-Execution (RCE), followed by privilege elevation (with one exploited in the wild), and security feature bypasses. While SQL server had the largest number of high-rated vulnerabilities associated with it this month, Secure Boot was also the target of several CVEs. While a majority of these issues require user interaction, along with Lan or physical access to these machines, it is not an unprecedented route for malware to be served by an attacker that is within the network or a malicious insider.
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
Cyber Exposure Alerts / 4mo
Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild. Microsoft released 138 CVEs in July 2024 Patch Tuesday release, with five rated critical, 132 rated important and one rated moderate.

News

July 2024 Patch Tuesday: Two Zero-Days and Five Critical Vulnerabilities Amid 142 CVEs
Recent-Articles / 49d
The Windows MSHTML Platform received a patch for CVE-2024-38112, which has a severity of Important and a CVSS score of 7.5 . Severity CVSS Score CVE Description Important 7.5 CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability
Xerox Security Bulletin XRX24- 013 for Xerox® FreeFlow® Print Server v2 / Windows® 10
Security Bulletins for Xerox Products / 2mo
The methods of Security Patch Update delivery and install are over the network using FreeFlow® Print Server Update Manager or directly from Microsoft® using Windows® Update service, and using media (i.e., USB). The FreeFlow® Print Server engineering team receives new patch updates in January, April, July, and October, and will test them for supported Printer products (such as iGen®5 printers) prior to delivery for customer install.
Update Tue Aug 27 14:38:24 UTC 2024
Recent Commits to cve:main / 2mo
Update Tue Aug 27 14:38:24 UTC 2024
Update Sat Aug 17 14:31:27 UTC 2024
Recent Commits to cve:main / 3mo
Update Sat Aug 17 14:31:27 UTC 2024
Update Thu Aug 15 14:36:12 UTC 2024
Recent Commits to cve:main / 3mo
Update Thu Aug 15 14:36:12 UTC 2024
See 81 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 8.8(18246)CWE-122(1229)CWE-787(11243)Microsoft(12100)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial