CVE-2024-38198

Insufficient Verification of Data Authenticity (CWE-345)

Published: Aug 13, 2024

CVSS 7.5 | EPSS 0.05% | Severity: High

Summary

Windows Print Spooler Elevation of Privilege Vulnerability. This vulnerability affects various versions of Windows operating systems, including Windows 10, Windows 11, and Windows Server editions. It is classified as a High severity vulnerability with a CVSS base score of 7.5. The vulnerability is related to insufficient verification of data authenticity (CWE-345) in the Windows Print Spooler service.

Impact

If exploited, this vulnerability could allow an attacker to gain elevated privileges on the affected system. The attacker could potentially execute arbitrary code with higher privileges, leading to unauthorized access, data manipulation, or system compromise. Given the high impact on confidentiality, integrity, and availability, successful exploitation could result in significant control over the affected system.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available for this vulnerability. Microsoft has released security updates to address CVE-2024-38198 across multiple affected Windows versions. These updates were made available on August 13, 2024.

Mitigation

1. Apply the security updates provided by Microsoft as soon as possible.
2. Prioritize patching based on the affected systems in your environment, focusing on critical infrastructure and public-facing servers first.
3. If immediate patching is not possible, consider temporarily disabling the Print Spooler service on systems that don't require printing, especially on Domain Controllers and other sensitive systems.
4. Implement the principle of least privilege to limit the potential impact of successful exploitation.
5. Monitor for unusual activities related to the Print Spooler service and elevation of privileges.
6. Ensure that only authorized users have network access to print servers.
7. Keep all Windows systems up to date with the latest security patches as part of ongoing maintenance.
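One way to audit and carry out step 3 of this list on a host, as an added PowerShell example that is not part of the original page or of Microsoft's guidance. The $PatchKb value is a placeholder, since the page does not name the KB article for the August 2024 update.

```powershell
# Added example (not from the original page or from Microsoft): reports the
# Print Spooler state, treats Domain Controllers as hosts that should not run
# the Spooler, and, with -Disable, stops and disables the service on those
# hosts when the update is not yet installed. $PatchKb is a placeholder: fill
# in the KB number of the August 2024 update for the host's Windows build.
param(
    [switch]$Disable,
    [string]$PatchKb = 'KB<placeholder>'
)

$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if (-not $spooler) {
    Write-Output "Print Spooler service not present on $env:COMPUTERNAME"
    return
}

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDc = $role -in 4, 5

# Get-HotFix returns nothing (error suppressed) when the KB is not installed
$patched = $null -ne (Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

# Audit record for this host; collect these across the fleet to prioritize patching
[pscustomobject]@{
    Host             = $env:COMPUTERNAME
    SpoolerStatus    = $spooler.Status
    StartupType      = $spooler.StartType
    DomainController = $isDc
    PatchInstalled   = $patched
}

if ($Disable -and $isDc -and -not $patched) {
    # Stop first so the mitigation takes effect immediately, then prevent
    # the service from coming back at the next reboot
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Write-Output "Print Spooler stopped and disabled on $env:COMPUTERNAME"
}
```

Run it without -Disable first to collect the audit records; re-enable the service with Set-Service -StartupType Automatic once the update is installed on hosts that do need printing.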

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

Aug 13, 2024 at 7:53 AM - Detection in Vulnerability Scanners: Detection for the vulnerability has been added to Qualys (92160)

Aug 13, 2024 at 5:36 PM / microsoft - CVSS: A CVSS base score of 7.5 has been assigned.

Aug 13, 2024 at 6:07 PM / Zero Day Initiative - Blog - First Article: Feedly found the first article mentioning CVE-2024-38198.

Aug 13, 2024 at 6:15 PM - CVE Assignment: NVD published the first details for CVE-2024-38198

Aug 13, 2024 at 6:31 PM - CVSS Estimate: Feedly estimated the CVSS score as MEDIUM

Aug 14, 2024 at 2:48 PM - Threat Intelligence Report: CVE-2024-38198 is a critical vulnerability with a CVSS score of 7.5 affecting Windows Print Spooler Components. It is currently being exploited in the wild by threat actors, and there are proof-of-concept exploits available. Mitigations, detections, and patches are recommended to prevent potential downstream impacts to other third-party vendors or technologies.

Nov 19, 2024 at 4:44 PM - EPSS: EPSS Score was set to: 0.07% (Percentile: 30.2%)

Affected Systems

Microsoft/windows_11_21h2

Patches

Microsoft

Links to MITRE ATT&CK

T1495: Firmware Corruption

Attack Patterns

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

References

Microsoft August 2024 Security Updates
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation
CVE-2024-38189 (CVSS: 8.8) : This vulnerability affects Microsoft Project, allowing RCE when a user opens a malicious file with security features like macro-blocking and notifications are disabled. CVE-2024-38213 (CVSS: 6.5) : Initially patched in June 2024, this zero-day vulnerability, dubbed “copy2pwn,” allows attackers to bypass Windows SmartScreen protections.

News

CNNVD | Notice on multiple Microsoft security vulnerabilities
Recently, Microsoft officially published advisories for multiple security vulnerabilities: 84 vulnerabilities in Microsoft's own products and 5 vulnerabilities in other vendors' products that affect Microsoft products.
EDRKillShifter: A New EDRKilling Malware Weapon for Ransomware Operators
CVE-2024-38213 (CVSS score: 6.5) - Windows Mark of the Web Security Feature Bypass Vulnerability CVE-2024-38213, which enables attackers to circumvent SmartScreen protections, necessitates an attacker sending a malicious file to a user and persuading them to open it. CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability Scott Caveza, a research engineer at Tenable, provided insight on CVE-2024-38200, stating that an attacker could exploit this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email.
cveNotify: 🚨 CVE-2024-38198 Windows Print Spooler Elevation of Privilege Vulnerability 🎖 @cveNotify
Microsoft’s August Security Update on High-Risk Vulnerabilities in Multiple Products - Security Boulevard
On August 14, NSFOCUS CERT detected that Microsoft released a security update patch for August, which fixed 90 security issues involving widely used products such as Windows, Microsoft Office, Visual Studio and Azure, including high-risk vulnerabilities such as privilege escalation and remote code execution. Due to an error in the Windows Power Dependency Coordinator after release, local attackers authenticated by ordinary users can exploit this vulnerability by running special programs to obtain SYSTEM permissions of the target system.
Patch Tuesday August 2024: 6 Zero-Day Vulnerabilities Under Active Exploitation, and Windows Downgrade Attacks
On top of Microsoft releasing fixes for an unusually high number of zero-days and vulnerabilities that are under Active Exploitation, there was also a demonstration of a new Downgrade Attack against Windows that was demonstrated at Black Hat 2024 and Def Con 32 —where an NTLM hash attack was also demonstrated. First demonstrated at Black Hat 2024 and Def Con 32, CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege and CVE-2024-38202 are two of the zero-day vulnerabilities that exist in Windows systems that were leveraged by security researcher Alon Leviev with SafeBreach in their proof of concept for a Downgrade Attack with a tool named Windows Downdate.

CVSS V3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
