Use After Free (CWE-416)
Xbox Wireless Adapter Remote Code Execution Vulnerability. This is a Use After Free vulnerability with a high severity rating. It has an attack vector of Adjacent Network, requires no user interaction, and has high impacts on confidentiality, integrity, and availability.
This vulnerability could allow an attacker on an adjacent network to execute arbitrary code on the target system without any user interaction. The attack complexity is high, but if successful, it could lead to a complete compromise of the system's confidentiality, integrity, and availability. This means an attacker could potentially access sensitive information, modify system data, or disrupt system operations.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation in the wild at the moment.
A patch is available. Microsoft released an update to address this vulnerability on July 9, 2024.
1. Apply the security update provided by Microsoft as soon as possible.
2. Implement network segmentation to limit the exposure of systems with Xbox Wireless Adapters to potential adjacent network attacks.
3. Monitor for unusual network activity, particularly from adjacent networks.
4. Ensure all Windows systems, especially those running Windows 11 version 21H2, are included in the patching schedule.
5. If immediate patching is not possible, consider temporarily disabling or disconnecting Xbox Wireless Adapters in high-risk environments until the patch can be applied.
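The following PowerShell script is an added example supporting steps 1, 4 and 5 above; it is not part of the advisory and is not Microsoft's or Feedly's code. It inventories a Windows host for the conditions the mitigation steps care about: whether the OS is Windows 11 version 21H2 (assumed here to correspond to OS build 22000), whether an Xbox Wireless Adapter is present (the `FriendlyName -like 'Xbox*'` pattern is an assumption; adjust it to how the device enumerates in your fleet), and which hotfixes were installed on or after the July 9, 2024 release date given on the page. The page does not state the KB number of the fix, so the script deliberately does not check for a specific KB; confirm the exact update against the Microsoft advisory before treating a host as patched.

```powershell
# Added example (not from the advisory). Assumptions are marked inline.
$PatchDate = Get-Date '2024-07-09'   # release date stated on the page

# OS identification. Assumption: Windows 11 21H2 reports OS build 22000.
$os     = Get-CimInstance -ClassName Win32_OperatingSystem
$is21H2 = ($os.BuildNumber -eq '22000')

# Hotfixes installed on or after the patch date. InstalledOn can be empty
# for some entries, so filter those out before comparing.
$recentFixes = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchDate }

# Xbox Wireless Adapter presence. Assumption: the adapter's PnP FriendlyName
# begins with "Xbox"; tune the pattern to your hardware inventory.
$adapters = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.FriendlyName -like 'Xbox*' }

# One record per host, suitable for collection by a config-management tool.
# NeedsAttention flags hosts that have the adapter but show no update
# installed since the patch date (a coarse signal, not proof of exposure).
[PSCustomObject]@{
    ComputerName        = $env:COMPUTERNAME
    OSCaption           = $os.Caption
    OSBuild             = $os.BuildNumber
    IsWindows11_21H2    = $is21H2
    AdapterPresent      = ($adapters.Count -gt 0)
    AdapterNames        = ($adapters.FriendlyName -join '; ')
    FixesSincePatchDate = ($recentFixes.HotFixID -join '; ')
    NeedsAttention      = ($adapters.Count -gt 0) -and ($recentFixes.Count -eq 0)
}
```

Run it under an account that can query PnP devices and hotfix history; hosts that return `NeedsAttention = True` are the candidates for step 5 (disconnect the adapter) until the Microsoft update can be confirmed installed.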
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (92149)
A CVSS base score of 7.5 has been assigned.
NVD published the first details for CVE-2024-38078
Feedly found the first article mentioning CVE-2024-38078.
This CVE started to trend in security discussions
EPSS Score was set to: 0.05% (Percentile: 21.9%)
This CVE stopped trending in security discussions