CVE-2024-38125

Numeric Truncation Error (CWE-197)

Published: Aug 13, 2024

010
CVSS 7.8EPSS 0.04%High
CVE info copied to clipboard

Summary

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability in Microsoft systems. This is a local vulnerability with a low attack complexity and requires low privileges to exploit. It does not require user interaction.

Impact

Successful exploitation of this vulnerability could lead to a high impact on confidentiality, integrity, and availability of the affected system. An attacker who successfully exploits this vulnerability could gain elevated privileges on the targeted system, potentially allowing them to execute arbitrary code with system-level privileges, access or modify sensitive data, or disrupt system operations.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft has released an official fix for this vulnerability on August 13, 2024.

Mitigation

1. Apply the official patch released by Microsoft as soon as possible. 2. Implement the principle of least privilege, ensuring users and applications operate with minimal necessary permissions. 3. Monitor and restrict local access to systems, as the vulnerability requires local access to exploit. 4. Keep all Microsoft systems and software up to date with the latest security updates. 5. Implement robust access controls and user authentication mechanisms. 6. Use endpoint detection and response (EDR) solutions to monitor for suspicious activities that might indicate exploitation attempts.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92160)

Aug 13, 2024 at 7:53 AM
First Article

Feedly found the first article mentioning CVE-2024-38125. See article

Aug 13, 2024 at 5:37 PM / Microsoft Security Advisories - MSRC
CVE Assignment

NVD published the first details for CVE-2024-38125

Aug 13, 2024 at 6:15 PM
Threat Intelligence Report

CVE-2024-38125 is a critical vulnerability with a CVSS score of 7.8 affecting Microsoft Streaming Service. It is currently being exploited in the wild by threat actors, and there are proof-of-concept exploits available. Mitigations, detections, and patches have not been released yet, potentially impacting other third-party vendors and technologies relying on the service. See article

Aug 14, 2024 at 2:48 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 19%)

Nov 19, 2024 at 4:03 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_server_2019
+null more

Patches

Microsoft
+null more

References

Microsoft August 2024 Security Updates
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation
CVE-2024-38189 (CVSS: 8.8) : This vulnerability affects Microsoft Project, allowing RCE when a user opens a malicious file with security features like macro-blocking and notifications are disabled. August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation
See 2 more references

News

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 October 2024
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
Update Sun Sep 15 22:27:34 UTC 2024
Update Sun Sep 15 22:27:34 UTC 2024
The SOS Intelligence CVE Chatter Weekly Top Ten – 02 September 2024
SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week. Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
28.852
Newly Added (1) TOTOLINK.A3600R.setIpQosRules.Buffer.Overflow Modified (27) Adobe.Acrobat.AcroPDF.DLL.Memory.Corruption Adobe.Acrobat.AcroForm.Field.Memory.Corruption Accellion.FTA.MPIPE2.Command.Execution Adobe.Acrobat.PDF417.Handling.Code.Execution Adobe.Acrobat.Triangle.Object.Memory.Corruption Adobe.Acrobat.CVE-2015-3053.Use.After.Free Adobe.Acrobat.CVE-2015-4447.Security.Bypass Adobe.Acrobat.CVE-2016-1050.Use.After.Free Adobe.Acrobat.CVE-2017-11263.Memory.Corruption Adobe.Acrobat.AcroForm.Image.Decoding.Out-of-Bounds.Write Adobe.Acrobat.AcroForm.Image.Handling.Out-of-Bounds.Write Adobe.Acrobat.EMF.CVE-2018-5030.Information.Disclosure D-Link.Devices.HNAP1.Command.Injection Adobe.Acrobat.JS.Field.Name.Out-of-Bounds.Read D-Link.Devices.HNAP.PrivateLogin.Authentication.Bypass Adobe.Commerce.Open.Source.Shipping.Policy.XSS Adobe.ColdFusion.CVE-2022-38419.Information.Disclosure Adobe.Commerce.Open.Source.Widget.Code.XXE Adobe.Commerce.Open.Source.Group.php.XSS MS.Windows.Kernel.CVE-2024-38106.Privilege.Elevation MS.Windows.Driver.CVE-2024-38141.Privilege.Elevation MS.Windows.Kernel.CVE-2024-38144.Privilege.Elevation MS.Windows.DWM.Core.CVE-2024-38150.Privilege.Elevation MS.Windows.Scripting.Engine.CVE-2024-38178.Memory.Corruption MS.Windows.ksthunk.sys.CVE-2024-38125.Privilege.Elevation MS.Windows.CLFS.Driver.CVE-2024-38196.Privilege.Elevation MS.Windows.Driver.CVE-2024-38193.Privilege.Elevation
CNNVD | 关于微软多个安全漏洞的通报
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞84个,影响到微软产品的其他厂商漏洞5个。
See 35 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI