CVE-2024-38069

Improper Verification of Cryptographic Signature (CWE-347)

Published: Jul 9, 2024

010
CVSS 7EPSS 0.04%High
CVE info copied to clipboard

Summary

A Windows Enroll Engine Security Feature Bypass Vulnerability has been identified. This vulnerability is associated with improper verification of cryptographic signatures (CWE-347). It affects multiple versions of Windows, including Windows Server 2019, 2022, 2016, Windows 10 (various versions), and Windows 11 (various versions).

Impact

The vulnerability has a high severity rating with a CVSS v3.1 base score of 7.0. If exploited, it could lead to high impacts on confidentiality, integrity, and availability of the affected systems. The attack vector is local, requiring low privileges and no user interaction, but with high attack complexity. This suggests that while the vulnerability is serious, it may be somewhat challenging to exploit. Given the nature of a security feature bypass in the Windows Enroll Engine, successful exploitation could potentially allow an attacker to circumvent security measures, potentially leading to unauthorized access, data manipulation, or system compromise.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available for this vulnerability. Microsoft released updates to address this issue on July 9, 2024. The patch is available through the Microsoft Update Guide.

Mitigation

1. Apply the security updates provided by Microsoft as soon as possible to all affected Windows systems. 2. Prioritize patching for systems that are more likely to be targeted or those that handle sensitive information. 3. Implement the principle of least privilege to minimize the potential impact if the vulnerability is exploited. 4. Monitor for any unusual activities or unauthorized changes in system configurations, especially those related to certificate validation or cryptographic signatures. 5. Keep all Windows systems and software up to date with the latest security patches as part of ongoing maintenance. 6. Consider implementing additional security measures such as network segmentation and endpoint detection and response (EDR) solutions to help detect and prevent potential exploitation attempts.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM
CVSS

A CVSS base score of 7 has been assigned.

Jul 9, 2024 at 5:05 PM / microsoft
CVE Assignment

NVD published the first details for CVE-2024-38069

Jul 9, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-38069. See article

Jul 9, 2024 at 5:17 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 9, 2024 at 6:53 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 9, 2024 at 10:35 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.2%)

Jul 10, 2024 at 10:14 AM
Trending

This CVE started to trend in security discussions

Jul 11, 2024 at 5:25 PM
Trending

This CVE stopped trending in security discussions

Jul 12, 2024 at 6:08 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_10_22h2
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-463: Padding Oracle Crypto Attack
+null more

News

Xerox Security Bulletin XRX24- 013 for Xerox® FreeFlow® Print Server v2 / Windows® 10
The methods of Security Patch Update delivery and install are over the network using FreeFlow® Print Server Update Manager or directly from Microsoft® using Windows® Update service, and using media (i.e., USB). The FreeFlow® Print Server engineering team receives new patch updates in January, April, July, and October, and will test them for supported Printer products (such as iGen®5 printers) prior to delivery for customer install.
Windows Enroll Engine Security Feature Bypass VulnerabilityWindows Enroll Eng...
Windows Enroll Engine Security Feature Bypass Vulnerability
cveNotify : 🚨 CVE-2024-38069Windows Enroll Engine Security Feature Bypass Vulnerability🎖@cveNotify
cveNotify : 🚨 CVE-2024-38069Windows Enroll Engine Security Feature Bypass Vulnerability🎖@cveNotify
[Cyware] Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Summary: This content highlights the latest vulnerabilities and their severity in various Microsoft products, including .NET and Visual Studio, Active Directory Rights Management Services, Azure CycleCloud, and Azure DevOps. Threat …
Microsoft Enhances Windows 11 24H2 Copilot+ PCs in July Patch Tuesday
Windows Graphics Component Remote Code Execution Vulnerability Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
See 11 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:High
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI