Known Exploited Vulnerability
7.8
HIGH
CVE-2024-38193
Microsoft Windows Ancillary Function Driver for Wi - [Actively Exploited]
Description

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

INFO

Published Date: Aug. 13, 2024, 6:15 p.m.

Last Modified: Aug. 14, 2024, 4:31 p.m.

Remotely Exploitable: No

Impact Score: 5.9

Exploitability Score: 1.8
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description: Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193

Public PoC/Exploit Available on GitHub

CVE-2024-38193 has 1 public PoC/exploit available on GitHub.

Affected Products

The following products are affected by the CVE-2024-38193 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Microsoft windows_server_2008
2 Microsoft windows_server_2012
3 Microsoft windows_server_2016
4 Microsoft windows_server_2019
5 Microsoft windows_10_1607
6 Microsoft windows_10_1809
7 Microsoft windows_10_21h2
8 Microsoft windows_10_22h2
9 Microsoft windows_server_2022
10 Microsoft windows_11_21h2
11 Microsoft windows_11_22h2
12 Microsoft windows_10_1507
13 Microsoft windows_11_23h2
14 Microsoft windows_server_2022_23h2
15 Microsoft windows_server_23h2
16 Microsoft windows_server_2012_r2
17 Microsoft windows_server_2008_r2
18 Microsoft windows_server_2008_sp2
19 Microsoft windows_11_24h2
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-38193.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193 Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

None

Java HTML

Updated: 2 months, 4 weeks ago
0 stars, 0 forks, 0 watchers
Created: April 30, 2024, 6:41 a.m. This repo has also been linked to 1 different CVE.


The following news articles mention the CVE-2024-38193 vulnerability.

  • Cybersecurity News
Unmasking “Marko Polo”: The Infostealer Gang Targeting Thousands

Researchers at Recorded Future have uncovered a large-scale cyberattack affecting tens of thousands of devices worldwide. It was later revealed that ... Read more

Published Date: Sep 20, 2024 (1 month, 4 weeks ago)
  • Cybersecurity News
Hackers Exploit Foundation Software, Exposing Sensitive Contractor Data

Recently, the cybersecurity company Huntress reported a new wave of cyberattacks targeting the widely-used Foundation Accounting Software ... Read more

Published Date: Sep 19, 2024 (1 month, 4 weeks ago)
  • Cybersecurity News
CISA Flags Two Actively Exploited Vulnerabilities: Critical Threats to Windows and WhatsUp Gold

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding two actively exploited security flaws to its Known Exploited Vulnerabilities (KEV) catalog, urging immedia ... Read more

Published Date: Sep 17, 2024 (2 months ago)
  • Cybersecurity News
Exploit Kits, Cryptominers, Proxyjackers: The New Face of Selenium Grid Abuse

Researchers at Cado Security Labs have uncovered two malicious campaigns that exploit misconfigured instances of Selenium Grid. Once a trusted tool for browser automation and testing, Selenium Grid ha ... Read more

Published Date: Sep 17, 2024 (2 months ago)
  • crowdstrike.com
September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs

Microsoft has released security updates for 79 vulnerabilities in its September 2024 Patch Tuesday rollout. These include four actively exploited zero-days (CVE-2024-38014, CVE-2024-38217, CVE-2024-38 ... Read more

Published Date: Sep 10, 2024 (2 months ago)
  • Cybersecurity News
Revival Hijack: A New PyPI Hijacking Technique Threatens Thousands of Packages

The JFrog security research team has uncovered a novel PyPI package hijacking method known as “Revival Hijack,” which has put over 22,000 packages at risk of exploitation. Unlike traditional typosquat ... Read more

Published Date: Sep 05, 2024 (2 months, 1 week ago)
  • Cybersecurity News
North Korea Targets DeFi and Crypto Companies with Advanced Social Engineering Attacks

The FBI has warned sternly about North Korean state-sponsored hackers employing highly sophisticated social engineering tactics to infiltrate decentralized finance (DeFi) and c ... Read more

Published Date: Sep 05, 2024 (2 months, 1 week ago)
  • Cybersecurity News
Publicly Exposed GenAI Development Services Raise Serious Security Concerns

A new report released by Legit Security has raised significant concerns about the security posture of publicly accessib ... Read more

Published Date: Sep 03, 2024 (2 months, 2 weeks ago)
  • The Hacker News
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

Rootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the ... Read more

Published Date: Aug 31, 2024 (2 months, 2 weeks ago)
  • BleepingComputer
North Korean hackers exploit Chrome zero-day to deploy rootkit

North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. "We assess ... Read more

Published Date: Aug 30, 2024 (2 months, 2 weeks ago)
  • Help Net Security
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are ... Read more

Published Date: Aug 25, 2024 (2 months, 3 weeks ago)
  • SentinelOne
More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 34

The Good | Global Authorities Arrest Multi-Million Dollar Crypto Thieves & Charge An Extortion Gang Member Plenty of good news this week as global law enforcement efforts rounded up suspects behind a ... Read more

Published Date: Aug 23, 2024 (2 months, 3 weeks ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 34

The Good | Global Authorities Arrest Multi-Million Dollar Crypto Thieves & Charge An Extortion Gang Member Plenty of good news this week as global law enforcement efforts rounded up suspects behind a ... Read more

Published Date: Aug 23, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
Log4j Exploited Again: New Campaign Targets Vulnerable Systems with Crypto-Mining and Backdoors

Despite its discovery over two years ago, the Log4j vulnerability, known as Log4Shell (CVE-2021-44228), continues to pose a significant threat to global cybersecurity. A recent report from Datadog Sec ... Read more

Published Date: Aug 22, 2024 (2 months, 3 weeks ago)
  • TheCyberThrone
Microsoft Flaw CVE-2024-38193 exploited by Lazarus Group

During this month's Patch Tuesday, Microsoft addressed nearly 90 flaws, some of which have already been exploited by hackers. One specific vulnerability, CVE-2024-38193 with a CVSS score of 7.8, is a  Br ... Read more

Published Date: Aug 20, 2024 (2 months, 3 weeks ago)
  • Help Net Security
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers ... Read more

Published Date: Aug 20, 2024 (2 months, 4 weeks ago)
  • TheCyberThrone
F5 fixes NGINX and BIG-IP Vulnerabilities

F5 has recently released security advisories addressing vulnerabilities in its products. These vulnerabilities, if exploited, could lead to denial-of-service (DoS) attacks and unauthorized access, dis ... Read more

Published Date: Aug 20, 2024 (2 months, 4 weeks ago)
  • security.nl
Windows vulnerability exploited since June to install rootkit

Attackers have been using a vulnerability in Windows since June to install a rootkit, according to security company Gen Digital. On Tuesday of last week, Microsoft rolled out a security update ... Read more

Published Date: Aug 20, 2024 (2 months, 4 weeks ago)
  • Cybersecurity News
Lazarus Group Exploits Microsoft Zero-Days CVE-2024-38193, Patch Urgently

Last week, Microsoft addressed multiple high-severity security vulnerabilities in its security updates, some of which have already been exploited by hackers. For instance, the CVE-2024-38193 (CVSS 7.8 ... Read more

Published Date: Aug 20, 2024 (2 months, 4 weeks ago)
  • BleepingComputer
Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. ... Read more

Published Date: Aug 20, 2024 (2 months, 4 weeks ago)
  • Ars Technica
Windows 0-day was exploited by North Korea to install advanced rootkit

LAZARUS STRIKES AGAIN — FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. A Windows zero-day vulnerability recently patched by Microsoft was explo ... Read more

Published Date: Aug 19, 2024 (2 months, 4 weeks ago)
  • The Hacker News
Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CV ... Read more

Published Date: Aug 19, 2024 (2 months, 4 weeks ago)
  • Cyber Security News
Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access

Security researchers at Avast have uncovered evidence that the notorious North Korean hacker group Lazarus exploited a previously unknown zero-day vulnerability in the Windows AFD.sys driver to gain k ... Read more

Published Date: Aug 17, 2024 (3 months ago)
  • crowdstrike.com
August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs

Microsoft has released security updates for 85 vulnerabilities in its August 2024 Patch Tuesday rollout. These include six actively exploited zero-days (CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, ... Read more

Published Date: Aug 14, 2024 (3 months ago)
  • security.nl
Microsoft patches six actively exploited vulnerabilities in Office and Windows

During August's Patch Tuesday, Microsoft fixed six vulnerabilities in Office and Windows that were actively exploited before the updates were available. Three of the security flaws ... Read more

Published Date: Aug 14, 2024 (3 months ago)
  • The Hacker News
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

Windows Security / Vulnerability Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of th ... Read more

Published Date: Aug 14, 2024 (3 months ago)
  • TheCyberThrone
CISA adds Microsoft Patch Tuesday bugs to its Catalog

The US CISA adds 6 Microsoft vulnerabilities to its Known Exploited Vulnerabilities Catalog that is released as part of Patch Tuesday, August 2024. CVE-2024-38189 – Microsoft Project Remote Code Execut ... Read more

Published Date: Aug 14, 2024 (3 months ago)
  • TheCyberThrone
Microsoft Patch Tuesday-August 2024

Microsoft patched 90 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 82 rated as important, and one rated as moderate. This includes updates for vulnerabilities in Microsoft O ... Read more

Published Date: Aug 14, 2024 (3 months ago)
  • Cybersecurity News
CISA & Microsoft Warn of 6 Actively Exploited Zero-Day Vulnerabilities

Microsoft’s August 2024 Patch Tuesday release addresses 88 vulnerabilities, including seven critical flaws and 10 zero-day vulnerabilities. Among these, six are currently being actively exploited in t ... Read more

Published Date: Aug 14, 2024 (3 months ago)
  • Cyber Security News
Microsoft Patches 6 Zero-Days That Threat Actors Actively Exploiting

Microsoft has released its August 2024 Patch Tuesday update to address 90 security vulnerabilities. The update includes fixes for six zero-day flaws actively exploited across various products and serv ... Read more

Published Date: Aug 14, 2024 (3 months ago)
  • The Register
Patch Tuesday brings 90 new Microsoft CVEs, six already under exploit

Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from th ... Read more

Published Date: Aug 14, 2024 (3 months ago)
  • krebsonsecurity.com
Six 0-Days Lead Microsoft’s August 2024 Patch Push

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attac ... Read more

Published Date: Aug 13, 2024 (3 months ago)
  • Dark Reading
Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update

Attackers are actively exploiting as many as six of the 90 vulnerabilities that Microsoft disclosed in its security update for August, making them a top priority ... Read more

Published Date: Aug 13, 2024 (3 months ago)
  • Help Net Security
Microsoft fixes 6 zero-days under active attack

August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under ... Read more

Published Date: Aug 13, 2024 (3 months ago)

The following table lists the changes that have been made to the CVE-2024-38193 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193 Patch, Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR
        *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.10240.20751
        *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7259
        *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6189
        *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.4780
        *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.4780
        *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.3147
        *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.4037
        *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.4037
        *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.1457
        *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
        *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
        *cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* versions up to (excluding) 6.2.9200.25031
        *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
        *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7259
        *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6189
        *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2655
        *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1085
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Aug. 14, 2024

    Action Type Old Value New Value
    Added Vulnerability Name Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
    Added Due Date 2024-09-03
    Added Date Added 2024-08-13
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • CVE Received by [email protected]

    Aug. 13, 2024

    Action Type Old Value New Value
    Added Description Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    Added Reference Microsoft Corporation https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193 [No types assigned]
    Added CWE Microsoft Corporation CWE-416
    Added CVSS V3.1 Microsoft Corporation AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-38193 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-38193 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High