Exploit
CVE-2024-38107

Use After Free (CWE-416)

Published: Aug 13, 2024

CVSS 7.8, EPSS 0.04%, High

Summary

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability. This vulnerability is classified as a Use After Free (CWE-416) issue. It affects Microsoft Windows products and has a CVSS v3.1 base score of 7.8, which is rated High severity. The vulnerability allows an attacker with low privileges to execute code with elevated system privileges, potentially gaining full control of the affected system. It has a local attack vector and low attack complexity.

Impact

This vulnerability has high impacts on confidentiality, integrity, and availability of the system. An attacker who has already gained initial access to the system could easily exploit this vulnerability to escalate their privileges to SYSTEM-level access. This could lead to complete system compromise, allowing the attacker to execute arbitrary code, access sensitive information, modify system settings, and potentially spread to other networked systems.

Exploitation

There is no evidence that a public proof-of-concept exists. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list. Its exploitation has been reported by various sources, including cisa.gov.

Patch

A patch is available. Microsoft released an update to address this vulnerability on August 13, 2024. The security update should be applied to affected systems as soon as possible. Affected versions include various releases of Windows 10, Windows 11, and Windows Server from 2012 to 2022.

Mitigation

1. Apply the security update provided by Microsoft immediately to all affected systems.
2. Implement the principle of least privilege to limit the potential impact of exploitation.
3. Monitor systems for suspicious activities that might indicate attempted exploitation.
4. Keep all Windows systems and software up to date with the latest security patches.
5. Consider implementing application whitelisting to prevent unauthorized code execution.
6. Regularly audit user permissions and remove unnecessary elevated privileges.
7. Use network segmentation to limit the spread of potential compromise.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92160)

Aug 13, 2024 at 7:53 AM
CVSS

A CVSS base score of 7.8 has been assigned.

Aug 13, 2024 at 5:35 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-38107.

Aug 13, 2024 at 5:37 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Aug 13, 2024 at 5:38 PM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 13, 2024 at 6:05 PM
CVE Assignment

NVD published the first details for CVE-2024-38107

Aug 13, 2024 at 6:15 PM
Exploitation in the Wild

Attacks in the wild have been reported by CISA Known Exploited Vulnerability.

Aug 13, 2024 at 6:30 PM / CISA Known Exploited Vulnerability
Exploitation in the Wild

Attacks in the wild have been reported by CISA - Known exploited vulnerabilities catalog.

Threat Intelligence Report

CVE-2024-38107 is a critical Elevation of Privilege Vulnerability affecting Windows Power Dependency Coordinator, with a CVSSv3 score of 7.8. It was exploited in the wild as a zero-day, though specific details of exploitation are unknown. Microsoft has released patches for all supported versions of Windows and Windows Server to address this vulnerability.

Aug 13, 2024 at 7:15 PM

Affected Systems

Microsoft/windows_server_2022

Proof Of Exploit

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38107

Patches

Microsoft

Vendor Advisory

CVE-2024-38107 - Security Update Guide - Microsoft - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks only a small amount of memory, but after repeated exploitation causes a service to become completely unavailable).

References

Microsoft August 2024 Security Updates
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. What privileges could be gained by an attacker who successfully exploited this vulnerability?

News

FOCUS FRIDAY: INSIGHTS INTO THIRD-PARTY RISKS IN FORTINET CORE PRODUCTS, CISCO RV ROUTERS, AND IVANTI CONNECT SECURE VULNERABILITIES
Can you confirm if you have implemented network monitoring solutions to detect any suspicious activity that could indicate an exploitation of the privilege escalation and remote code execution vulnerabilities (CVE-2024-20393 and CVE-2024-20470) in the Cisco Small Business RV Series routers? Have you taken steps to restrict network access to the affected Cisco Small Business RV Series routers to local connections only, as a measure to mitigate the risk of CVE-2024-20393 and CVE-2024-20470?
FOCUS FRIDAY: THIRD-PARTY RISK INSIGHTS ON ZIMBRA, DrayTek ROUTERS, AUTHENTIK, AND OCTOPUS DEPLOY VULNERABILITIES
For TPRM professionals, ensuring that vendors using DrayTek routers are secured against CVE-2020-15415 is vital to preventing unauthorized access to critical data or systems. These vulnerabilities pose significant risks, potentially allowing unauthorized access, remote command execution, and data breaches.
Snac Fediverse Instance
You can have an updated security advisory, as a treat: Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability CVE-2024-20381 (8.8 high, disclosed 11 September 2024) was updated for "Clarified affected products and vulnerable configuration." CVE-2024-43491 ( 9.8 critical ) Microsoft Windows Update Remote Code Execution Vulnerability (EXPLOITED)
August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs
Severity: Important; CVSS Score: 7.8; CVE: CVE-2024-38193; Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Severity: Important; CVSS Score: 8.8; CVE: CVE-2024-38189; Description: Microsoft Project Remote Code Execution Vulnerability
FOCUS FRIDAY: TPRM INSIGHTS INTO PGADMIN, KEYCLOAK, AND NAVIDROME VULNERABILITIES
In the context of third-party risk management, if a vendor’s PostgreSQL database configuration is compromised, it could result in unauthorized access to confidential data, potentially impacting the integrity of both the vendor and the organization relying on the data. This particular vulnerability affects an authentication mechanism, meaning an attacker could use compromised OAuth2 credentials to impersonate legitimate users and access sensitive data or configurations.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
