FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

Exploit
CVE-2024-38080

Integer Overflow or Wraparound (CWE-190)

Published: Jul 9, 2024

010
CVSS 7.8EPSS 0.14%High
CVE info copied to clipboard

Summary

Windows Hyper-V Elevation of Privilege Vulnerability. This is a local attack vector vulnerability with low attack complexity and requires low privileges. It has high impact on confidentiality, integrity, and availability. The vulnerability is associated with CWE-190 (Integer Overflow or Wraparound).

Impact

This vulnerability could allow an attacker with low privileges to elevate their privileges within the Windows Hyper-V environment. The attacker could potentially gain full control over the affected system, compromising the confidentiality, integrity, and availability of data and resources. This could lead to unauthorized access to sensitive information, modification of system configurations, and potential disruption of services running on the Hyper-V host or virtual machines. The vulnerability has a CVSS v3.1 base score of 7.8, indicating high severity.

Exploitation

One proof-of-concept exploit is available on github.com. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list. Its exploitation has been reported by various sources, including sophos.com, microsoft.com.

Patch

A patch is available. Microsoft released an official fix for this vulnerability on July 9, 2024. Affected products and their patched versions are: - Windows 11 21H2: Patch to version 10.0.22000.3079 or later - Windows 11 22H2: Patch to version 10.0.22621.3880 or later - Windows 11 23H2: Patch to version 10.0.22631.3880 or later - Windows Server 2022: Patch to version 10.0.20348.2582 or later - Windows Server 2022 23H2: Patch to version 10.0.25398.1009 or later

Mitigation

1. Apply the official patch released by Microsoft as soon as possible. 2. Limit access to Hyper-V hosts and ensure that only trusted users have low-level privileges. 3. Monitor Hyper-V environments for any suspicious activities or unauthorized privilege escalations. 4. Implement the principle of least privilege across your environment. 5. Keep all Windows systems and Hyper-V components up to date with the latest security patches. 6. Use network segmentation to isolate Hyper-V hosts and limit potential lateral movement in case of a successful exploit.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Exploitation in the Wild

Attacks in the wild have been reported by inthewild.io.

Jul 9, 2024 at 12:00 AM / inthewild.io
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM
First Article

Feedly found the first article mentioning CVE-2024-38080. See article

Jul 9, 2024 at 5:10 PM / #proofofconcept
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 9, 2024 at 5:11 PM
CVE Assignment

NVD published the first details for CVE-2024-38080

Jul 9, 2024 at 5:15 PM
Exploitation in the Wild

Attacks in the wild have been reported by Sophos Press Releases. See article

Jul 9, 2024 at 6:06 PM / Sophos Press Releases
Trending

This CVE started to trend in security discussions

Jul 9, 2024 at 6:44 PM
Threat Intelligence Report

CVE-2024-38080 is an important EoP vulnerability in Windows Hyper-V with a CVSSv3 score of 7.8. A local, authenticated attacker could exploit this vulnerability to elevate privileges to SYSTEM. There are currently no known proof-of-concept exploits, but it is crucial for organizations to apply patches and implement mitigations to prevent potential attacks and downstream impacts on third-party vendors. See article

Jul 9, 2024 at 7:06 PM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 9, 2024 at 8:38 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_11_23h2
+null more

Exploits

https://github.com/pwndorei/CVE-2024-38080
+null more

Proof Of Exploit

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-92: Forced Integer Overflow
+null more

Vendor Advisory

CVE-2024-38080 - Security Update Guide - Microsoft - Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft Security Response Center / 4mo
There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable).

References

CVE-2024-38080 - Security Update Guide - Microsoft - Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft Security Response Center / 4mo
There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable).
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
Cyber Exposure Alerts / 4mo
Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild. Microsoft released 138 CVEs in July 2024 Patch Tuesday release, with five rated critical, 132 rated important and one rated moderate.
Recent Vulnerabilities in Cybersecurity: July 2024 CVE Roundup
Security Boulevard / 3mo
Impact and Potential Risks: Exploitation can result in unauthorized access and control over affected systems, leading to significant data breaches and potential system compromise. Impact and Potential Risks: Exploitation can lead to significant security breaches, including unauthorized access, data exfiltration, and system compromise.
See 3 more references

News

From CVE to PoC: A Collection Maps Windows Privilege Escalation Landscape
Cybersecurity News / 1d
This repository, hosted on Github, serves as a valuable resource for security researchers, penetration testers, and system administrators interested in understanding and mitigating privilege escalation attacks. Security researcher Michael Zhmaylo has assembled a comprehensive collection of publicly disclosed exploits for Local Privilege Escalation (LPE) vulnerabilities affecting Microsoft Windows operating systems.
Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days - YouTube
Google Alert - "zero-day" / 27d
... zero-day exploited in the wild (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080) • LABScon Program Committee (https://www ...
Microsoft Monthly Security Update (July 2024)
News – RedPacket Security / 28d
Vulnerable Product Risk Level Impacts Notes Microsoft Dynamics Medium Risk Information Disclosure Windows High Risk Elevation of Privilege Elevation of Privilege SQL Server Medium Risk Remote Code Execution Microsoft Office High Risk Remote Code Execution
Roundup of Microsoft Patch Tuesday (July 2024)
Sangfor / 34d
The following figure shows the trend and number of vulnerabilities at different severity levels addressed by Microsoft in July from 2021 to 2024. Figure 2 Number of Windows Patches Released by Microsoft in July from 2021 to 2024
1-15 July 2024 Cyber Attacks Timeline
HACKMAGEDDON / 40d
Targeted Attack Public admin and defence, social security Cyber Espionage IN Sentinel One, Pakistan, Transparent Tribe, APT 36, Operation C-Major, India, Android, CapraRAT 3 01/07/2024 'During the past two weeks' 'During the past two weeks' Volcano Demon Organizations in the manufacturing and logistics industries Researchers from Halcyon discover Volcano Demon, a new ransomware group targeting organizations in manufacturing and logistics via an encryptor dubbed LukaLocker. Targeted Attack Unknown Cyber Espionage N/A Turla, G Data, Shortcut 33 05/07/2024 - - Hive0127 (a.k.a. UNC2565) Multiple organizations Researchers from Cybereason reveal that the malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts.
See 239 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 7.8(51562)CWE-190(2579)Microsoft(12100)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial