Sensitive Data Storage in Improperly Locked Memory (CWE-591)
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability. This is a network-based vulnerability with high attack complexity that can lead to a high impact on system availability. The vulnerability requires no user interaction or privileges to exploit.
This vulnerability allows an unauthenticated attacker to cause a denial of service condition in systems using Microsoft Virtual Hard Disk (VHDX). The attack can be launched remotely over a network, although it requires a high level of complexity to execute. If successful, it can severely impact the availability of the affected system, potentially causing disruptions to services or operations dependent on VHDX.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
A patch is available. Microsoft released an official fix for this vulnerability on November 12, 2024.
1. Apply the official patch released by Microsoft as soon as possible.
2. Monitor systems for any unusual activity or performance issues related to VHDX usage.
3. Implement network segmentation to limit exposure of systems using VHDX to untrusted networks.
4. Consider implementing additional network security controls to filter potentially malicious traffic targeting VHDX systems.
5. Keep all systems and software up to date with the latest security patches.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Feedly found the first article mentioning CVE-2024-38264.
Feedly estimated the CVSS score as HIGH
Detection for the vulnerability has been added to Qualys (92186)
A CVSS base score of 5.9 has been assigned.
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-38264
EPSS Score was set to: 0.05% (Percentile: 18.3%)