FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-38091

Improper Handling of Missing Special Element (CWE-166)

Published: Jul 9, 2024

010
CVSS 7.5EPSS 0.05%High
CVE info copied to clipboard

Summary

Microsoft WS-Discovery Denial of Service Vulnerability. This vulnerability is related to improper handling of missing special elements and improper input validation in Microsoft's WS-Discovery implementation. The vulnerability affects multiple versions of Windows operating systems, including Windows Server and Windows 10/11.

Impact

This vulnerability allows for a network-based attack that can lead to a denial of service condition. The attack requires no user interaction and can be executed with low attack complexity. While it does not impact the confidentiality or integrity of the system, it has a high impact on the availability of the affected service. This could potentially disrupt critical services relying on WS-Discovery, affecting business operations and system accessibility.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft released the patch on July 9, 2024. Security teams should prioritize applying this patch to affected systems, particularly those exposed to untrusted networks.

Mitigation

Apply the latest security updates provided by Microsoft. Implement network segmentation and access controls to limit exposure of vulnerable systems. Monitor for unusual network traffic patterns that might indicate exploitation attempts. For systems that cannot be immediately patched, consider temporarily disabling the WS-Discovery service if it's not critical for operations.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM
CVSS

A CVSS base score of 7.5 has been assigned.

Jul 9, 2024 at 5:05 PM / microsoft
CVE Assignment

NVD published the first details for CVE-2024-38091

Jul 9, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-38091. See article

Jul 9, 2024 at 5:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 9, 2024 at 5:36 PM
Trending

This CVE started to trend in security discussions

Jul 9, 2024 at 7:13 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 17.2%)

Jul 10, 2024 at 10:14 AM
Trending

This CVE stopped trending in security discussions

Jul 12, 2024 at 8:36 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_server_2022
+null more

Patches

Microsoft
+null more

News

Xerox Security Bulletin XRX24- 013 for Xerox® FreeFlow® Print Server v2 / Windows® 10
Security Bulletins for Xerox Products / 2mo
The methods of Security Patch Update delivery and install are over the network using FreeFlow® Print Server Update Manager or directly from Microsoft® using Windows® Update service, and using media (i.e., USB). The FreeFlow® Print Server engineering team receives new patch updates in January, April, July, and October, and will test them for supported Printer products (such as iGen®5 printers) prior to delivery for customer install.
Microsoft WS-Discovery Denial of Service VulnerabilityMicrosoft WS-Discovery ...
CVE | THREATINT - UPDATED.RSS / 3mo
Microsoft WS-Discovery Denial of Service Vulnerability
Microsoft’s Security Update in July of High-Risk Vulnerabilities in Multiple Products
Security Boulevard / 4mo
On July 10, NSFOCUS CERT detected that Microsoft released a security update patch for July, which fixed 139 security issues involving Windows, Microsoft SQL Server, Microsoft Office, Azure and other widely used products, including high-risk vulnerabilities such as privilege escalation and remote code execution. Due to the heap-based buffer overflow in the Windows remote desktop authorization service, unauthenticated attackers can send special packets to the server set as the remote desktop authorization server, triggering the buffer overflow and executing arbitrary codes on the target system.
[Cyware] Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Cyber Security News Aggregator / 4mo
Summary: This content highlights the latest vulnerabilities and their severity in various Microsoft products, including .NET and Visual Studio, Active Directory Rights Management Services, Azure CycleCloud, and Azure DevOps. Threat …
Microsoft Enhances Windows 11 24H2 Copilot+ PCs in July Patch Tuesday
WinBuzzer / 4mo
Windows Graphics Component Remote Code Execution Vulnerability Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
See 23 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

CVSS 7.5(51562)CWE-166(2)Microsoft(12100)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial