CVE-2024-38065

Heap-based Buffer Overflow (CWE-122)

Published: Jul 9, 2024

010
CVSS 6.8EPSS 0.05%Medium
CVE info copied to clipboard

Summary

A Secure Boot Security Feature Bypass Vulnerability has been identified in various versions of Microsoft Windows. This vulnerability is classified as a Heap-based Buffer Overflow and Out-of-bounds Write issue. It affects multiple Windows versions including Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2), Windows 11 (versions 21H2, 22H2, 23H2), and Windows Server (2012, 2016, 2019, 2022, 2022 23H2).

Impact

The vulnerability has a high severity rating with a CVSS v3.1 base score of 6.8. If exploited, this vulnerability could lead to a bypass of the Secure Boot security feature, potentially compromising the integrity, confidentiality, and availability of the affected systems. The attack vector is physical, requiring no user interaction and no privileges, but with a low attack complexity. This suggests that an attacker with physical access to the device could potentially exploit this vulnerability relatively easily.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch for this vulnerability is available. Microsoft released updates to address this issue on July 9, 2024. Security teams should prioritize applying these patches to all affected Windows systems.

Mitigation

To mitigate this vulnerability: 1. Apply the security updates provided by Microsoft as soon as possible to all affected Windows systems. 2. Prioritize patching based on the criticality of the systems and their exposure to potential physical access by unauthorized individuals. 3. Implement strict physical security measures to limit access to vulnerable systems, especially those that cannot be immediately patched. 4. Monitor for any suspicious activities or unauthorized physical access attempts to systems. 5. Consider disabling Secure Boot temporarily if patching is not immediately possible, but be aware this may introduce other security risks. 6. Ensure that all Windows systems are kept up-to-date with the latest security patches as part of ongoing security maintenance.

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM
CVSS

A CVSS base score of 6.8 has been assigned.

Jul 9, 2024 at 5:05 PM / microsoft
CVE Assignment

NVD published the first details for CVE-2024-38065

Jul 9, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-38065. See article

Jul 9, 2024 at 5:17 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 9, 2024 at 6:53 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 21.9%)

Jul 10, 2024 at 10:14 AM
Trending

This CVE started to trend in security discussions

Jul 12, 2024 at 9:32 AM
Trending

This CVE stopped trending in security discussions

Jul 12, 2024 at 10:08 AM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_server_2016
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-92: Forced Integer Overflow
+null more

CVSS V3.1

Attack Vector:Physical
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI