CVE-2024-38196

Improper Input Validation (CWE-20)

Published: Aug 13, 2024

010
CVSS 7.8EPSS 0.04%High
CVE info copied to clipboard

Summary

Windows Common Log File System Driver Elevation of Privilege Vulnerability. This vulnerability allows an attacker with low privileges to potentially gain elevated privileges on a Windows system. The attack vector is local, requiring the attacker to have access to the target system, and the attack complexity is low, indicating it's relatively easy to exploit.

Impact

If successfully exploited, this vulnerability could lead to a complete compromise of the confidentiality, integrity, and availability of the affected system. An attacker could potentially gain high-level privileges, allowing them to view, change, or delete sensitive data, install programs, or create new accounts with full user rights. This could result in unauthorized access to critical system resources and potential system-wide compromise.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft has released an official fix for this vulnerability on August 13, 2024.

Mitigation

1. Apply the official patch released by Microsoft as soon as possible. 2. Implement the principle of least privilege, ensuring users and applications operate with the minimum necessary permissions. 3. Monitor and audit system activities, especially those involving elevated privileges. 4. Keep all Windows systems and software up to date with the latest security patches. 5. Implement network segmentation to limit the potential spread if a system is compromised. 6. Use endpoint detection and response (EDR) solutions to detect and respond to potential exploitation attempts.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92160)

Aug 13, 2024 at 7:53 AM
First Article

Feedly found the first article mentioning CVE-2024-38196. See article

Aug 13, 2024 at 5:49 PM / FortiGuard Labs | Internet of Things Intrusion Prevention Service Updates
CVE Assignment

NVD published the first details for CVE-2024-38196

Aug 13, 2024 at 6:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Aug 13, 2024 at 6:31 PM
Threat Intelligence Report

CVE-2024-38196 is a critical vulnerability with a CVSS score of 7.8 in the Windows Common Log File System Driver. It is currently being exploited in the wild by threat actors, and there are proof-of-concept exploits available. Mitigations, detections, and patches are not yet available, leading to potential downstream impacts on other third-party vendors and technologies. See article

Aug 14, 2024 at 2:48 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 19%)

Nov 19, 2024 at 4:43 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_10_1809
+null more

Patches

Microsoft
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

References

Microsoft August 2024 Security Updates
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation
CVE-2024-38189 (CVSS: 8.8) : This vulnerability affects Microsoft Project, allowing RCE when a user opens a malicious file with security features like macro-blocking and notifications are disabled. August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation
August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation
CVE-2024-38189 (CVSS: 8.8) : This vulnerability affects Microsoft Project, allowing RCE when a user opens a malicious file with security features like macro-blocking and notifications are disabled. CVE-2024-38213 (CVSS: 6.5) : Initially patched in June 2024, this zero-day vulnerability, dubbed “copy2pwn,” allows attackers to bypass Windows SmartScreen protections.
See 1 more references

News

5 - CVE-2024-38196
Currently trending CVE - hypeScore: 1 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
There's a recent writeup about a CLFS LPE vulnerability in Windows that still worked "at the time of trying this on Windows 11 latest version." Just to try to get ahead of this (LOL): - It was fixed in August. - It's probably CVE-2024-38196, but given the content-free nature of MSRC writeups, probably only Microsoft knows what CVE it actually is. Using the phrase "at the time of trying this" without indicating what "the time" was (it was clearly over two months before the publication was released) is deceptive, if not a lie through omission. https:// ssd-disclosure.com/ssd-advisor y-common-log-file-system-clfs-driver-pe/
28.852
Newly Added (1) TOTOLINK.A3600R.setIpQosRules.Buffer.Overflow Modified (27) Adobe.Acrobat.AcroPDF.DLL.Memory.Corruption Adobe.Acrobat.AcroForm.Field.Memory.Corruption Accellion.FTA.MPIPE2.Command.Execution Adobe.Acrobat.PDF417.Handling.Code.Execution Adobe.Acrobat.Triangle.Object.Memory.Corruption Adobe.Acrobat.CVE-2015-3053.Use.After.Free Adobe.Acrobat.CVE-2015-4447.Security.Bypass Adobe.Acrobat.CVE-2016-1050.Use.After.Free Adobe.Acrobat.CVE-2017-11263.Memory.Corruption Adobe.Acrobat.AcroForm.Image.Decoding.Out-of-Bounds.Write Adobe.Acrobat.AcroForm.Image.Handling.Out-of-Bounds.Write Adobe.Acrobat.EMF.CVE-2018-5030.Information.Disclosure D-Link.Devices.HNAP1.Command.Injection Adobe.Acrobat.JS.Field.Name.Out-of-Bounds.Read D-Link.Devices.HNAP.PrivateLogin.Authentication.Bypass Adobe.Commerce.Open.Source.Shipping.Policy.XSS Adobe.ColdFusion.CVE-2022-38419.Information.Disclosure Adobe.Commerce.Open.Source.Widget.Code.XXE Adobe.Commerce.Open.Source.Group.php.XSS MS.Windows.Kernel.CVE-2024-38106.Privilege.Elevation MS.Windows.Driver.CVE-2024-38141.Privilege.Elevation MS.Windows.Kernel.CVE-2024-38144.Privilege.Elevation MS.Windows.DWM.Core.CVE-2024-38150.Privilege.Elevation MS.Windows.Scripting.Engine.CVE-2024-38178.Memory.Corruption MS.Windows.ksthunk.sys.CVE-2024-38125.Privilege.Elevation MS.Windows.CLFS.Driver.CVE-2024-38196.Privilege.Elevation MS.Windows.Driver.CVE-2024-38193.Privilege.Elevation
CNNVD | 关于微软多个安全漏洞的通报
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞84个,影响到微软产品的其他厂商漏洞5个。
cveNotify : 🚨 CVE-2024-38196Windows Common Log File System Driver Elevation of Privilege Vulnerability🎖@cveNotify
cveNotify : 🚨 CVE-2024-38196Windows Common Log File System Driver Elevation of Privilege Vulnerability🎖@cveNotify
See 37 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI