CVE-2024-38150

Use After Free (CWE-416)

Published: Aug 13, 2024

CVSS 7.8 (High), EPSS 0.04%

Summary

Windows DWM Core Library Elevation of Privilege Vulnerability. This is a local vulnerability with a low attack complexity that requires low privileges and no user interaction. It has high impacts on confidentiality, integrity, and availability. The vulnerability is classified as a Use After Free (CWE-416) issue.

Impact

An attacker with low privileges could exploit this vulnerability to elevate their privileges on a local system. Successful exploitation could lead to a significant compromise of the affected system, potentially allowing the attacker to gain high-level access to confidential information, modify or destroy data, and disrupt system availability. The vulnerability has a CVSS v3.1 base score of 7.8, indicating a high severity level.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Microsoft released an official fix for this vulnerability on August 13, 2024. The following Windows versions are affected and should be updated:

1. Windows Server 2022 (versions before 10.0.20348.2655)
2. Windows 10 22H2 (versions before 10.0.19045.4780)
3. Windows 11 23H2 (versions before 10.0.22631.4037)
4. Windows 10 21H2 (versions before 10.0.19044.4780)
5. Windows 11 22H2 (versions before 10.0.22621.4037)
6. Windows 11 24H2 (versions before 10.0.26100.1457)
7. Windows Server 2022 23H2 (versions before 10.0.25398.1085)
8. Windows 11 21H2 (versions before 10.0.22000.3147)
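The fixed builds listed above can be turned into a patch-level check. The PowerShell below is an added example, not Microsoft's or Feedly's code: it compares a host's build and update revision (UBR) against those thresholds. The function name `Get-Cve202438150Status` and the sample inventory are hypothetical, and a build that is not in the list is reported as `NotListed` rather than assumed safe.

```powershell
# Fixed update revision (UBR) per OS build, copied from the affected-version list above.
$FixedUbr = @{
    20348 = 2655   # Windows Server 2022
    19045 = 4780   # Windows 10 22H2
    22631 = 4037   # Windows 11 23H2
    19044 = 4780   # Windows 10 21H2
    22621 = 4037   # Windows 11 22H2
    26100 = 1457   # Windows 11 24H2
    25398 = 1085   # Windows Server 2022 23H2
    22000 = 3147   # Windows 11 21H2
}

# Hypothetical helper: classify one OS version such as 10.0.19045.4651.
function Get-Cve202438150Status {
    param([Parameter(Mandatory)][version]$OsVersion)

    # Builds outside the list are not covered by this page; do not guess.
    if (-not $FixedUbr.ContainsKey($OsVersion.Build)) {
        return 'NotListed'
    }
    # Same build family: patched once the revision reaches the fixed UBR.
    if ($OsVersion.Revision -ge $FixedUbr[$OsVersion.Build]) {
        return 'Patched'
    }
    return 'Vulnerable'
}

# Check the local host: build number and UBR come from the registry.
$cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$local = [version]('10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Version      = $local
    Status       = Get-Cve202438150Status -OsVersion $local
}

# Constructed sample inventory (hostnames and versions are made up for illustration).
$inventory = @(
    [pscustomobject]@{ ComputerName = 'WS-001';  Version = '10.0.19045.4651' }
    [pscustomobject]@{ ComputerName = 'WS-002';  Version = '10.0.22631.4037' }
    [pscustomobject]@{ ComputerName = 'SRV-001'; Version = '10.0.17763.6189' }
)
$inventory | Select-Object ComputerName, Version,
    @{ Name = 'Status'; Expression = { Get-Cve202438150Status -OsVersion $_.Version } }
```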

Mitigation

1. Apply the official patch released by Microsoft as soon as possible. This should be prioritized due to the high severity of the vulnerability.
2. Implement the principle of least privilege to minimize the number of users with low-level privileges that could potentially exploit this vulnerability.
3. Monitor for unusual activity or privilege escalation attempts on local systems.
4. Keep systems and software up-to-date with the latest security patches.
5. Use endpoint detection and response (EDR) solutions to detect and prevent exploitation attempts.
6. If immediate patching is not possible, consider implementing additional access controls or monitoring on affected systems until the patch can be applied.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92160)

Aug 13, 2024 at 7:53 AM
First Article

Feedly found the first article mentioning CVE-2024-38150. See article

Aug 13, 2024 at 5:37 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Aug 13, 2024 at 5:37 PM
CVE Assignment

NVD published the first details for CVE-2024-38150

Aug 13, 2024 at 6:15 PM
Threat Intelligence Report

CVE-2024-38150 is a critical vulnerability with a CVSS score of 7.8 in the Windows DWM Core Library. It is currently being exploited in the wild by threat actors, and there are proof-of-concept exploits available. Mitigations, detections, and patches are not yet available, leading to potential downstream impacts on other third-party vendors and technologies. See article

Aug 14, 2024 at 2:48 PM
EPSS

EPSS Score was set to: 0.06% (Percentile: 26.7%)

Nov 19, 2024 at 4:19 PM

Affected Systems

Microsoft/windows_11_21h2

Patches

Microsoft

References

Microsoft August 2024 Security Updates
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
Windows DWM Core Library Elevation of Privilege Vulnerability
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. What privileges could be gained by an attacker who successfully exploited this vulnerability?
August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation
CVE-2024-38189 (CVSS: 8.8) : This vulnerability affects Microsoft Project, allowing RCE when a user opens a malicious file with security features like macro-blocking and notifications are disabled.

News

28.852
Newly Added (1) TOTOLINK.A3600R.setIpQosRules.Buffer.Overflow Modified (27) Adobe.Acrobat.AcroPDF.DLL.Memory.Corruption Adobe.Acrobat.AcroForm.Field.Memory.Corruption Accellion.FTA.MPIPE2.Command.Execution Adobe.Acrobat.PDF417.Handling.Code.Execution Adobe.Acrobat.Triangle.Object.Memory.Corruption Adobe.Acrobat.CVE-2015-3053.Use.After.Free Adobe.Acrobat.CVE-2015-4447.Security.Bypass Adobe.Acrobat.CVE-2016-1050.Use.After.Free Adobe.Acrobat.CVE-2017-11263.Memory.Corruption Adobe.Acrobat.AcroForm.Image.Decoding.Out-of-Bounds.Write Adobe.Acrobat.AcroForm.Image.Handling.Out-of-Bounds.Write Adobe.Acrobat.EMF.CVE-2018-5030.Information.Disclosure D-Link.Devices.HNAP1.Command.Injection Adobe.Acrobat.JS.Field.Name.Out-of-Bounds.Read D-Link.Devices.HNAP.PrivateLogin.Authentication.Bypass Adobe.Commerce.Open.Source.Shipping.Policy.XSS Adobe.ColdFusion.CVE-2022-38419.Information.Disclosure Adobe.Commerce.Open.Source.Widget.Code.XXE Adobe.Commerce.Open.Source.Group.php.XSS MS.Windows.Kernel.CVE-2024-38106.Privilege.Elevation MS.Windows.Driver.CVE-2024-38141.Privilege.Elevation MS.Windows.Kernel.CVE-2024-38144.Privilege.Elevation MS.Windows.DWM.Core.CVE-2024-38150.Privilege.Elevation MS.Windows.Scripting.Engine.CVE-2024-38178.Memory.Corruption MS.Windows.ksthunk.sys.CVE-2024-38125.Privilege.Elevation MS.Windows.CLFS.Driver.CVE-2024-38196.Privilege.Elevation MS.Windows.Driver.CVE-2024-38193.Privilege.Elevation
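CNNVD | Notice on Multiple Microsoft Security Vulnerabilities
Recently, Microsoft officially published advisories for multiple security vulnerabilities, including 84 vulnerabilities in Microsoft's own products and 5 vulnerabilities from other vendors that affect Microsoft products.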
Microsoft’s August Security Update on High-Risk Vulnerabilities in Multiple Products - Security Boulevard
On August 14, NSFOCUS CERT detected that Microsoft released a security update patch for August, which fixed 90 security issues involving widely used products such as Windows, Microsoft Office, Visual Studio and Azure, including high-risk vulnerabilities such as privilege escalation and remote code execution. Due to an error in the Windows Power Dependency Coordinator after release, local attackers authenticated by ordinary users can exploit this vulnerability by running special programs to obtain SYSTEM permissions of the target system.
Patch Tuesday August 2024: 6 Zero-Day Vulnerabilities Under Active Exploitation, and Windows Downgrade Attacks
On top of Microsoft releasing fixes for an unusually high number of zero-days and vulnerabilities that are under Active Exploitation, there was also a demonstration of a new Downgrade Attack against Windows that was demonstrated at Black Hat 2024 and Def Con 32 —where an NTLM hash attack was also demonstrated. First demonstrated at Black Hat 2024 and Def Con 32, CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege and CVE-2024-38202 are two of the zero-day vulnerabilities that exist in Windows systems that were leveraged by security researcher Alon Leviev with SafeBreach in their proof of concept for a Downgrade Attack with a tool named Windows Downdate.
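CNNVD Notice on Multiple Microsoft Security Vulnerabilities
Recently, Microsoft officially published advisories for multiple security vulnerabilities, including 84 vulnerabilities in Microsoft's own products and 5 vulnerabilities from other vendors that affect Microsoft products.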

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
