Improper Access Control (CWE-284)
A DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability has been identified in various versions of Microsoft Windows. This vulnerability is associated with improper access control (CWE-284) and allows an attacker with low privileges to potentially elevate their privileges on the affected system. The vulnerability affects multiple versions of Windows, including Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2), Windows 11 (versions 21H2, 22H2, 23H2), Windows Server 2008, 2012, 2016, 2019, 2022, and Windows Server 2022 23H2.
If exploited, this vulnerability could allow an attacker to gain higher privileges on the affected system. The potential impacts are severe, as indicated by the CVSS v3.1 score of 7.5 (High): 1. Confidentiality Impact: High - There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. 2. Integrity Impact: High - There is a total loss of integrity or a complete loss of protection, resulting in the attacker being able to modify any/all files protected by the impacted component. 3. Availability Impact: High - There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component. The attack vector is Network-based, requiring no user interaction, which increases the potential for remote exploitation. However, the attack complexity is rated as High, which may limit the ease of exploitation. There is currently no evidence of public proof-of-concept or active exploitation.
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
A patch is available for this vulnerability. Microsoft released updates to address this issue on July 9, 2024. Security teams should prioritize applying these patches to affected systems.
1. Apply the security updates provided by Microsoft as soon as possible, prioritizing based on the criticality of affected systems. 2. Implement the principle of least privilege across your network to minimize the potential impact of privilege escalation vulnerabilities. 3. Monitor for unusual DCOM activity or unexpected privilege escalations in your Windows environments. 4. Ensure that only necessary ports and services are exposed, especially those related to DCOM. 5. Implement network segmentation to limit the potential spread if an attacker successfully exploits this vulnerability. 6. Keep all Windows systems and software up to date with the latest security patches. 7. Use endpoint detection and response (EDR) tools to monitor for and detect potential exploitation attempts.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-38061 is a critical DCOM permissions bug that was fixed by Microsoft in July 2024 Patch Tuesday. The vulnerability was deemed of IMPORTANT severity and could potentially be exploited in the wild. While there are no proof-of-concept exploits currently available, users are advised to apply the patch to mitigate any potential risks. See article
Detection for the vulnerability has been added to Qualys (92149)
A CVSS base score of 7.5 has been assigned.
NVD published the first details for CVE-2024-38061
Feedly found the first article mentioning CVE-2024-38061. See article
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.05% (Percentile: 19.6%)
This CVE started to trend in security discussions
This CVE stopped trending in security discussions