CVE-2024-38066

Use After Free (CWE-416)

Published: Jul 9, 2024

010
CVSS 7.8EPSS 0.04%High
CVE info copied to clipboard

Summary

Windows Win32k Elevation of Privilege Vulnerability. This is a Use After Free vulnerability affecting various versions of Windows, including Windows Server 2016, Windows 10 (versions 22H2, 21H2, 1607, 1809, 1507), Windows 11 (versions 21H2, 22H2, 23H2), Windows Server 2008, Windows Server 2012, and Windows Server 2019. The vulnerability has a CVSS v3.1 base score of 7.8, indicating a high severity. It requires local access and low privileges to exploit, with no user interaction needed.

Impact

If exploited, this vulnerability could allow an attacker to gain elevated privileges on the affected system. The impact is severe, with high potential for compromise of confidentiality, integrity, and availability of the system. An attacker who successfully exploits this vulnerability could potentially execute arbitrary code with elevated privileges, install programs, view, change, or delete data, or create new accounts with full user rights.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available for this vulnerability. Microsoft has released security updates to address this issue. The patch was added on July 9, 2024, and is available through the Microsoft Update Guide.

Mitigation

To mitigate this vulnerability, it is strongly recommended to apply the security updates provided by Microsoft as soon as possible. Prioritize patching for systems running the affected Windows versions, especially those in sensitive or critical environments. Additionally, implement the principle of least privilege, limiting user account permissions where possible to minimize the potential impact of exploitation. Regular system updates and security best practices should be maintained to protect against this and other vulnerabilities.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM
CVSS

A CVSS base score of 7.8 has been assigned.

Jul 9, 2024 at 5:05 PM / microsoft
CVE Assignment

NVD published the first details for CVE-2024-38066

Jul 9, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-38066. See article

Jul 9, 2024 at 5:17 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 9, 2024 at 6:53 PM
Threat Intelligence Report

CVE-2024-38066 is a critical EoP vulnerability in Windows Win32k with a CVSSv3 score of 7.8. It is rated as "Exploitation More Likely" by Microsoft, indicating a higher risk of exploitation in the wild. While there are no known proof-of-concept exploits, users are advised to apply patches provided by Microsoft to mitigate the risk of privilege escalation. See article

Jul 9, 2024 at 7:06 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.2%)

Jul 10, 2024 at 10:14 AM
Trending

This CVE started to trend in security discussions

Jul 12, 2024 at 9:32 AM
Trending

This CVE stopped trending in security discussions

Jul 12, 2024 at 10:08 AM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_10_1607
+null more

Patches

Microsoft
+null more

References

Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild. Microsoft released 138 CVEs in July 2024 Patch Tuesday release, with five rated critical, 132 rated important and one rated moderate.

News

ZDI-24-1311: Microsoft Windows Menu DC Path Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Xerox Security Bulletin XRX24- 013 for Xerox® FreeFlow® Print Server v2 / Windows® 10
The methods of Security Patch Update delivery and install are over the network using FreeFlow® Print Server Update Manager or directly from Microsoft® using Windows® Update service, and using media (i.e., USB). The FreeFlow® Print Server engineering team receives new patch updates in January, April, July, and October, and will test them for supported Printer products (such as iGen®5 printers) prior to delivery for customer install.
Update Thu Aug 15 14:36:12 UTC 2024
Update Thu Aug 15 14:36:12 UTC 2024
Microsoft Security Bulletin Coverage For August 2024
The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of 2024 and has produced coverage for ten of the reported vulnerabilities Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month.
Windows Win32k Elevation of Privilege VulnerabilityWindows Win32k Elevation o...
Windows Win32k Elevation of Privilege Vulnerability
See 23 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI