CVE-2024-38085

Use After Free (CWE-416)

Published: Jul 9, 2024

CVSS 7.8 | EPSS 0.04% | High

Summary

Windows Graphics Component Elevation of Privilege Vulnerability. This is a local vulnerability with a low attack complexity that requires low privileges and no user interaction. It has high impacts on confidentiality, integrity, and availability. The vulnerability is classified as a Use After Free (CWE-416) issue.

Impact

This vulnerability allows an attacker with low privileges to elevate their privileges on a local Windows system. The high impact on confidentiality, integrity, and availability suggests that an attacker could potentially gain full control over the affected system, access sensitive information, modify critical data, and disrupt system operations. The CVSS v3.1 base score is 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a severe local threat.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available. Microsoft has released an official fix for this vulnerability on July 9, 2024. Security teams should prioritize applying this patch, especially on systems that handle sensitive information or are critical to operations.

Mitigation

Apply the latest security updates from Microsoft as soon as possible. Prioritize patching systems that handle sensitive information or are critical to operations. Limit user privileges and ensure the principle of least privilege is followed. Monitor for suspicious activities, especially attempts to escalate privileges.


Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM

CVE Assignment

NVD published the first details for CVE-2024-38085

Jul 9, 2024 at 5:15 PM

First Article

Feedly found the first article mentioning CVE-2024-38085.

Jul 9, 2024 at 5:17 PM / FortiGuard Labs | Internet of Things Intrusion Prevention Service Updates

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 9, 2024 at 5:25 PM

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 9, 2024 at 6:53 PM

Trending

This CVE started to trend in security discussions

Jul 9, 2024 at 7:13 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.2%)

Jul 10, 2024 at 10:14 AM

Trending

This CVE stopped trending in security discussions

Jul 12, 2024 at 6:08 PM

Threat Intelligence Report

CVE-2024-38085 is a critical vulnerability in the Windows Win32 Kernel Subsystem, with a CVSS score of 7.8. The provided information does not specify whether it is being exploited in the wild, nor does it mention the existence of proof-of-concept exploits, mitigations, detections, patches, or any downstream impacts on third-party vendors or technology. Further investigation would be necessary to assess the full scope and implications of this vulnerability.

Oct 27, 2024 at 2:07 AM

Affected Systems

Microsoft/windows_11_23h2

Patches

Microsoft

News

Xerox Security Bulletin XRX24-013 for Xerox® FreeFlow® Print Server v2 / Windows® 10
The methods of Security Patch Update delivery and install are over the network using FreeFlow® Print Server Update Manager or directly from Microsoft® using Windows® Update service, and using media (i.e., USB). The FreeFlow® Print Server engineering team receives new patch updates in January, April, July, and October, and will test them for supported Printer products (such as iGen®5 printers) prior to delivery for customer install.
Update Sun Sep 1 22:32:38 UTC 2024
Microsoft Security Bulletin Coverage For August 2024
The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of 2024 and has produced coverage for ten of the reported vulnerabilities. Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month.
28.829
Patch Tuesday July 2024: Two Active Exploitations and Exchange Data Breach Notifications
The two Actively Exploited zero-days— CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability and CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability—should be trivial to deal with as they can both be addressed by applying either CUs or Security Updates for affected systems. The other two zero-days that are not currently under exploitation are CVE-2024-35264 .NET and Visual Studio Remote Code Execution and CVE-2024-37985 which affects Windows 11 ARM based systems.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
