CVE-2024-38148

Out-of-bounds Read (CWE-125)

Published: Aug 13, 2024

CVSS: 7.5 (High) | EPSS: 0.05%

Summary

Windows Secure Channel Denial of Service Vulnerability. This is a network-based vulnerability with low attack complexity that requires no user interaction or privileges. It affects the availability of the system but does not impact confidentiality or integrity. The vulnerability is classified as an Out-of-bounds Read (CWE-125).

Impact

This vulnerability can be exploited to cause a Denial of Service (DoS) attack on the affected Windows systems. The attack can be initiated remotely over the network without requiring any user interaction or special privileges. If successfully exploited, it could lead to high availability impact, potentially causing system downtime or service interruptions. The vulnerability has a CVSS v3.1 base score of 7.5, indicating a high severity level.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at this time.

Patch

A patch is available. Microsoft released an official fix for this vulnerability on August 13, 2024. The patch addresses the vulnerability in multiple versions of Windows, including Windows 11 (versions 21H2, 22H2, 23H2, and 24H2) and Windows Server 2022 (including version 23H2). The minimum build numbers to patch to are:

- Windows 11 24H2: 10.0.26100.1457 or later
- Windows 11 23H2: 10.0.22631.4037 or later
- Windows 11 22H2: 10.0.22621.4037 or later
- Windows 11 21H2: 10.0.22000.3147 or later
- Windows Server 2022: 10.0.20348.2655 or later
- Windows Server 2022 23H2: 10.0.25398.1085 or later
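The following is an added example, not part of the advisory or of Microsoft's own tooling: it reads the local OS build and update build revision (UBR) from the registry and compares them against the minimum patched builds listed above. The registry path and value names are standard on Windows 10/11 and Server 2022; the function name is an assumption.

```powershell
# Added example: verify the local host meets the minimum patched build for CVE-2024-38148.
# The table maps the major build (the third component of the version) to the minimum UBR
# (the fourth component) taken from the Patch section above.
$MinimumUbr = @{
    '26100' = 1457   # Windows 11 24H2
    '22631' = 4037   # Windows 11 23H2
    '22621' = 4037   # Windows 11 22H2
    '22000' = 3147   # Windows 11 21H2
    '20348' = 2655   # Windows Server 2022
    '25398' = 1085   # Windows Server 2022 23H2
}

function Test-Cve202438148Patched {
    # CurrentBuildNumber and UBR together form the 10.0.<build>.<ubr> version string.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    $installed = "10.0.$build.$ubr"

    if (-not $MinimumUbr.ContainsKey($build)) {
        # Build not covered by this advisory's list; check the vendor advisory separately.
        return [pscustomobject]@{ Installed = $installed; Required = $null; Status = 'NotListed' }
    }

    $required = $MinimumUbr[$build]
    $status   = if ($ubr -ge $required) { 'Patched' } else { 'Vulnerable' }
    [pscustomobject]@{
        Installed = $installed
        Required  = "10.0.$build.$required"
        Status    = $status
    }
}

Test-Cve202438148Patched
```

Run it in an elevated or standard PowerShell session on each host; a status of `Vulnerable` means the August 2024 cumulative update for that branch has not been installed.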

Mitigation

1. Apply the official patch released by Microsoft as soon as possible.
2. Implement network segmentation to limit exposure of vulnerable systems.
3. Monitor for unusual network activity or signs of DoS attacks.
4. Ensure all Windows systems are up to date with the latest security updates.
5. Consider additional network security measures such as intrusion detection/prevention systems (IDS/IPS) to help detect and mitigate potential attacks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92160)

Aug 13, 2024 at 7:53 AM
First Article

Feedly found the first article mentioning CVE-2024-38148. See article

Aug 13, 2024 at 5:37 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Aug 13, 2024 at 5:37 PM
CVE Assignment

NVD published the first details for CVE-2024-38148

Aug 13, 2024 at 6:15 PM
Threat Intelligence Report

CVE-2024-38148 is a critical vulnerability with a CVSS score of 7.5 affecting the Windows Transport Security Layer (TLS). It is currently being exploited in the wild by threat actors, and there are proof-of-concept exploits available. Mitigations, detections, and patches are not yet available, leading to potential downstream impacts on other third-party vendors and technologies relying on Windows TLS. See article

Aug 14, 2024 at 2:48 PM
EPSS

EPSS Score was set to: 0.09% (Percentile: 39.6%)

Nov 19, 2024 at 4:19 PM

Affected Systems

Microsoft/windows_11_24h2

Patches

Microsoft

Attack Patterns

CAPEC-540: Overread Buffers

References

Microsoft August 2024 Security Updates
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
Windows Secure Channel Denial of Service Vulnerability
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Windows Server 2022, 23H2 Edition (Server Core installation)
August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation
CVE-2024-38189 (CVSS: 8.8) : This vulnerability affects Microsoft Project, allowing RCE when a user opens a malicious file with security features like macro-blocking and notifications are disabled. August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation

News

exploits.club Weekly Newsletter 35 - NPU exploits, Phrack 71, 2014 Tablet Hacks, and More
The post takes a look at a UAF in Windows Secure Channel (CVE-2024-38148), walking through a quick patch diff, running through an RCA, and explaining why Microsoft is wrong to think it's not exploitable. Introduction To Windows Secure Channel RCE: CVE-2024-28148 - In a new post this week, @vv474172261 shows us how a DOS bug may actually just be a skill issue.
RT VictorV https://v-v.space/2024/08/19/CVE-2024-38148/ Check my blog about Windows secure channel RCE analysis, though MSRC thought it's a DOS. By the way, I'm not the finder. Share for studying
Introduction to Windows Secure Channel RCE CVE-2024-38148 (submitted by /u/digicat to r/blueteamsec)

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High
