Exploit
CVE-2024-38100

Improper Access Control (CWE-284)

Published: Jul 9, 2024

CVSS 7.8 (High) | EPSS 0.04%

Summary

Windows File Explorer Elevation of Privilege Vulnerability. This vulnerability allows an attacker with low privileges to potentially gain higher privileges on a Windows system through the File Explorer component. The attack vector is local, requiring the attacker to have access to the target system, and the attack complexity is low, meaning it's relatively easy to exploit.

Impact

If successfully exploited, this vulnerability could lead to a complete compromise of the confidentiality, integrity, and availability of the affected system. An attacker could potentially execute arbitrary code with elevated privileges, install programs, view, change, or delete data, or create new accounts with full user rights. This could result in unauthorized access to sensitive information, system modifications, or complete system takeover.

Exploitation

One proof-of-concept exploit is available on github.com. Its exploitation has been reported by various sources, including securityonline.info.

Patch

A patch is available for this vulnerability. Microsoft released an update to address this issue on July 9, 2024.

Mitigation

1. Apply the security update provided by Microsoft as soon as possible.
2. Implement the principle of least privilege, ensuring users and processes operate with the minimum necessary rights.
3. Regularly monitor and audit system activities, especially those involving File Explorer.
4. Keep all Windows systems and software up to date with the latest security patches.
5. Use endpoint detection and response (EDR) solutions to detect and prevent potential exploitation attempts.
6. Implement network segmentation to limit the potential impact of a successful exploit.
7. Educate users about the risks of running untrusted software or clicking on suspicious links, especially when using File Explorer.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM
CVSS

A CVSS base score of 7.8 has been assigned.

Jul 9, 2024 at 5:05 PM / microsoft
CVE Assignment

NVD published the first details for CVE-2024-38100

Jul 9, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-38100.

Jul 9, 2024 at 5:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 9, 2024 at 5:36 PM
Trending

This CVE started to trend in security discussions

Jul 9, 2024 at 8:00 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.2%)

Jul 10, 2024 at 10:14 AM
Trending

This CVE stopped trending in security discussions

Jul 11, 2024 at 6:55 AM
Exploitation in the Wild

Attacks in the wild have been reported by Cybersecurity News.

Aug 5, 2024 at 2:42 AM / Cybersecurity News
Affected Systems

Microsoft/windows_server_2022_23h2

Exploits

https://github.com/Florian-Hoth/CVE-2024-38100-RCE-POC

Patches

Microsoft

Links to MITRE ATT&CK

T1546.004:

Attack Patterns

CAPEC-19: Embedding Scripts within Scripts

News

From CVE to PoC: A Collection Maps Windows Privilege Escalation Landscape
This repository, hosted on GitHub, serves as a valuable resource for security researchers, penetration testers, and system administrators interested in understanding and mitigating privilege escalation attacks. Security researcher Michael Zhmaylo has assembled a comprehensive collection of publicly disclosed exploits for Local Privilege Escalation (LPE) vulnerabilities affecting Microsoft Windows operating systems.
Hack: A set of programs for analyzing common vulnerabilities in COM.
PermissionHunter - hunt for incorrect LaunchPermission and ActivatePermission. CICADA8 Research Team, from Michael Zhmaylo (MzHmO). PermissionHunter.exe: small tool that allows you to find vulnerable COM objects with incorrect LaunchPermission and ActivatePermission. [OPTIONS] -outfile : output filename; -outformat : output format. Incorrect access control to a COM object (LaunchPermission, AccessPermission) - LPE through abusable COM methods, DCOM Authentication relaying.
COMThanasia: analyzing common vulnerabilities in COM
Incorrect access control to a COM object (LaunchPermission, AccessPermission) – LPE through abusable COM methods, DCOM Authentication relaying. If you find a COM object that you can access on behalf of a low-privileged user, for example, you can abuse it as follows:
Great post about how a DCOM application hosted by explorer process was used to impersonate another session (local privesc cve-2024-38100)🕵️‍♂️ https://decoder.cloud/2024/08/02/the-fake-potato #infosec #cybersecurity #redteam #pentest #windows #cve

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
