CVE-2024-38184

Out-of-bounds Read (CWE-125)

Published: Aug 13, 2024

010
CVSS 7.8EPSS 0.04%High
CVE info copied to clipboard

Summary

A signature check bypass vulnerability exists in the License update functionality of Microsoft CLIPSP.SYS 10.0.22621 Build 22621, 10.0.26080.1 and 10.0.26085.1. A specially crafted license blob can lead to license tampering. An attacker can use the NtQuerySystemInformation function call to trigger this vulnerability.

Impact

This vulnerability has a high impact on system integrity and confidentiality. Successful exploitation could allow an attacker to bypass signature checks and tamper with licenses, potentially leading to unauthorized access or privilege escalation. The vulnerability affects multiple versions of Windows, including Windows 10, Windows 11, and Windows Server, making it a widespread issue. With a CVSS base score of 7.8 (High), this vulnerability represents a significant risk to affected systems.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available for this vulnerability. Microsoft has released updates to address CVE-2024-38184 across multiple affected Windows versions. Security teams should prioritize applying these patches, especially given the high CVSS score and the potential for local exploitation.

Mitigation

1. Apply the latest security updates provided by Microsoft for the affected Windows versions. 2. Prioritize patching based on the criticality of the systems and their exposure to potential attackers. 3. Implement the principle of least privilege to minimize the impact of potential exploits. 4. Monitor system activities, especially those related to license updates and the use of NtQuerySystemInformation function calls. 5. Ensure that only trusted users have local access to critical systems. 6. Consider implementing application whitelisting to prevent unauthorized executables from running. 7. Regularly audit system configurations and license states to detect any tampering attempts.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 7.8 has been assigned.

Aug 13, 2024 at 5:35 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-38184. See article

Aug 13, 2024 at 6:07 PM / Zero Day Initiative - Blog
CVE Assignment

NVD published the first details for CVE-2024-38184

Aug 13, 2024 at 6:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Aug 13, 2024 at 6:31 PM
CVSS

A CVSS base score of 7.8 has been assigned.

Oct 28, 2024 at 9:16 PM / nvd
EPSS

EPSS Score was set to: 0.05% (Percentile: 19%)

Nov 19, 2024 at 4:37 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_11_22h2
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-540: Overread Buffers
+null more

References

Microsoft August 2024 Security Updates
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
VERT Threat Alert: August 2024 Patch Tuesday Analysis
While updates for CVE-2024-38200 were released as part of the August Patch Tuesday drop, Microsoft had already enabled a fix for this issue on July 30, meaning that all users of supported versions of Office were protected. This vulnerability, a privilege escalation in the Windows Kernel, requires that the attacker win a race condition to successfully exploit it.

News

RSnake Report 20240908
The United States and Ukraine are collaborating to develop alternatives to Soviet-era air-defense systems to enhance Ukraine’s military capabilities amidst ongoing conflict with Russia. The US has announced a new $250-million-worth military aid package for Ukraine, which includes ammunition for artillery and air defense systems, as well as armored vehicles.
Keyhole – Forge own Windows Store licenses
Whenever a CLiP-licensed app is installed, a signed XML file containing the license information is sent to ; once the XML signature is verified, the XML data is stored in ClipSVC's "token store" at . It gave users the ability to license any Microsoft Store app or any modern Windows edition with ease.
CNNVD | 关于微软多个安全漏洞的通报
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞84个,影响到微软产品的其他厂商漏洞5个。
AI, election security headline discussions at Black Hat and DEF CON
Easterly said many technology companies have voluntarily adopted CISA’s secure-by-design standards, which pledges to bake cybersecurity and vulnerability reviews into the design process of all new hardware and software products. Talos released a new Snort rule set that detects attempts to exploit some of the vulnerabilities disclosed Tuesday.
Microsoft’s August Security Update on High-Risk Vulnerabilities in Multiple Products - Security Boulevard
On August 14, NSFOCUS CERT detected that Microsoft released a security update patch for August, which fixed 90 security issues involving widely used products such as Windows, Microsoft Office, Visual Studio and Azure, including high-risk vulnerabilities such as privilege escalation and remote code execution. Due to an error in the Windows Power Dependency Coordinator after release, local attackers authenticated by ordinary users can exploit this vulnerability by running special programs to obtain SYSTEM permissions of the target system.
See 41 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI