CVE-2024-38106
Microsoft Windows Kernel Privilege Escalation Vuln - [Actively Exploited]
Description
Windows Kernel Elevation of Privilege Vulnerability
INFO
Published Date :
Aug. 13, 2024, 6:15 p.m.
Last Modified :
Aug. 14, 2024, 4:36 p.m.
Source :
[email protected]
Remotely Exploitable :
No
Impact Score :
5.9
Exploitability Score :
1.0
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106; https://nvd.nist.gov/vuln/detail/CVE-2024-38106
Affected Products
The following products are affected by CVE-2024-38106
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-38106
.
URL | Resource |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106 | Patch Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-38106
vulnerability anywhere in the article.
- Cybersecurity News
AFP Under Cyberattack: News Delivery Disrupted, Investigation Underway
The French news agency AFP (Agence France-Presse) was hit by a cyberattack on Friday, September 27th, causing disruptions to some of its news delivery systems. Technical experts from AFP, in collabora ... Read more
- Cybersecurity News
Ajina.Banker: Unmasking the Android Malware Targeting Central Asian Banks
Screenshot of the sample found on the VirusTotal platformCybersecurity analysts at Group-IB have uncovered a sophisticated malware campaign targeting bank customers in Central Asia. Dubbed “Ajina.Bank ... Read more
- Cybersecurity News
CVE-2024-38106: 0-Day Windows Kernel Vulnerability Exploited in the Wild, PoC Published
Recently, security researcher Sergey Kornienko from PixiePoint Security published an analysis and proof-of-concept (PoC) exploit for a critical zero-day vulnerability in the Windows Kernel, identified ... Read more
- Dark Reading
North Korean APT Exploits Novel Chromium, Windows Bugs to Steal Crypto
Source: Piotr Malczyk via Alamy Stock PhotoA threat actor belonging to North Korean intelligence burned two novel vulnerabilities last month in an attempt to steal from the cryptocurrency industry.Mos ... Read more
- tripwire.com
Tripwire Patch Priority Index for August 2024
Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that re ... Read more
- security.nl
Google Chrome-gebruikes via drive-by download besmet met rootkit
zondag 1 september 2024, 08:24 door Redactie, 3 reactiesLaatst bijgewerkt: Gisteren, 10:23 Gebruikers van Google Chrome zijn door middel van een drive-by download besmet met een rootkit, zo stelt Micr ... Read more
- security.nl
Google Chrome-gebruikers via drive-by download besmet met rootkit
zondag 1 september 2024, 08:24 door Redactie, 3 reactiesLaatst bijgewerkt: Gisteren, 10:23 Gebruikers van Google Chrome zijn door middel van een drive-by download besmet met een rootkit, zo stelt Micr ... Read more
- TheCyberThrone
North Korean Citrine Sleet behind CVE-2024-7971 exploitation
Microsoft’s threat intelligence team discovered that a known North Korean threat actor exploiting a Chrome remote code execution flaw patched by Google earlier this month.The vulnerability, tracked as ... Read more
- The Hacker News
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
Rootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the ... Read more
- Cybersecurity News
CVE-2024-7971: North Korean APT Citrine Sleet Exploits Chromium Zero-Day
In a recent cybersecurity report, Microsoft Threat Intelligence has revealed that a North Korean threat actor, believed to be Citrine Sleet, has been actively exploiting a zero-day vulnerability (CVE- ... Read more
- The Cyber Express
North Korean Hackers Exploited Chromium Zero-Day to Deploy Rootkit
In a recent attack, a North Korean threat actor leveraged a zero-day vulnerability in Google’s Chromium browser to deploy the FudModule rootkit, targeting cryptocurrency firms for financial gain. Micr ... Read more
- BleepingComputer
North Korean hackers exploit Chrome zero-day to deploy rootkit
North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. "We assess ... Read more
- Cybersecurity News
Critical Flaw Discovered in Popular Python Library Pandas
Information Stealer Malware on the Rise: ACSC Issues Urgent Cybersecurity WarningThe Australian Cyber Security Centre (ACSC) has issued a warning about the escalating threat of information stealer mal ... Read more
- crowdstrike.com
August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs
Microsoft has released security updates for 85 vulnerabilities in its August 2024 Patch Tuesday rollout. These include six actively exploited zero-days (CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, ... Read more
- security.nl
Microsoft dicht zes actief misbruikte kwetsbaarheden in Office en Windows
Tijdens de patchdinsdag van augustus heeft Microsoft zes kwetsbaarheden in Office en Windows verholpen die actief zijn misbruikt voordat de updates beschikbaar waren. Drie van de beveiligingslekken ma ... Read more
- The Hacker News
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits
Windows Security / Vulnerability Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of th ... Read more
- TheCyberThrone
CISA adds Microsoft Patch Tuesday bugs to its Catalog
The US CISA adds 6 Microsoft vulnerabilities to its Known Exploited Vulnerabilities Catalog that is released as part of patch Tuesday, August 2024.CVE-2024-38189 – Microsoft Project Remote Code Execut ... Read more
- TheCyberThrone
Microsoft Patch Tuesday-August 2024
Microsoft patched 90 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 82 rated as important, and one rated as moderate.This includes updates for vulnerabilities in Microsoft O ... Read more
- Cybersecurity News
CISA & Microsoft Warn of 6 Actively Exploited Zero-Day Vulnerabilities
Microsoft’s August 2024 Patch Tuesday release addresses 88 vulnerabilities, including seven critical flaws and 10 zero-day vulnerabilities. Among these, six are currently being actively exploited in t ... Read more
- Cyber Security News
Microsoft Patches 6 Zero-Days That Threat Actors Actively Exploiting
Microsoft has released its August 2024 Patch Tuesday update to address 90 security vulnerabilities. The update includes fixes for six zero-day flaws actively exploited across various products and serv ... Read more
- The Register
Patch Tuesday brings 90 new Microsoft CVEs, six already under exploit
Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from th ... Read more
- krebsonsecurity.com
Six 0-Days Lead Microsoft’s August 2024 Patch Push
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attac ... Read more
- tripwire.com
VERT Threat Alert: August 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.CVE ... Read more
- Dark Reading
Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update
Source: CC Photo Labs via ShutterstockAttackers are actively exploiting as many as six of the 90 vulnerabilities that Microsoft disclosed in its security update for August, making them a top priority ... Read more
- Help Net Security
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under ... Read more
- BleepingComputer
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an ... Read more
The following table lists the changes that have been made to the
CVE-2024-38106
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Aug. 14, 2024
Action Type Old Value New Value Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106 Patch, Vendor Advisory Added CWE NIST NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.10240.20751 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7259 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6189 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.4780 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.4780 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.3147 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.4037 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.4037 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.1457 *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7259 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6189 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2655 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1085 -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Aug. 14, 2024
Action Type Old Value New Value Added Vulnerability Name Microsoft Windows Kernel Privilege Escalation Vulnerability Added Due Date 2024-09-03 Added Date Added 2024-08-13 Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. -
CVE Received by [email protected]
Aug. 13, 2024
Action Type Old Value New Value Added Description Windows Kernel Elevation of Privilege Vulnerability Added Reference Microsoft Corporation https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106 [No types assigned] Added CWE Microsoft Corporation CWE-591 Added CVSS V3.1 Microsoft Corporation AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-38106
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-38106
weaknesses.