CVE-2024-38193
Microsoft Windows Ancillary Function Driver for Wi - [Actively Exploited]
Description
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
INFO
Published Date :
Aug. 13, 2024, 6:15 p.m.
Last Modified :
Aug. 14, 2024, 4:31 p.m.
Source :
[email protected]
Remotely Exploitable :
No
Impact Score :
5.9
Exploitability Score :
1.8
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193; https://nvd.nist.gov/vuln/detail/CVE-2024-38193
Public PoC/Exploit Available at Github
CVE-2024-38193 has a 4 public PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
Affected Products
The following products are affected by CVE-2024-38193
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-38193
.
URL | Resource |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193 | Patch Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
C++
None
C++
None
Java HTML
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-38193
vulnerability anywhere in the article.
- Cybersecurity News
Unmasking “Marko Polo”: The Infostealer Gang Targeting Thousands
Marko Polo infection chain (Source: Recorded Future)Researchers at Recorded Future have uncovered a large-scale cyberattack affecting tens of thousands of devices worldwide. It was later revealed that ... Read more
- Cybersecurity News
Hackers Exploit Foundation Software, Exposing Sensitive Contractor Data
Attacker commands enumerating machine details | Image: HuntressRecently, the cybersecurity company Huntress reported a new wave of cyberattacks targeting the widely-used Foundation Accounting Software ... Read more
- Cybersecurity News
CISA Flags Two Actively Exploited Vulnerabilities: Critical Threats to Windows and WhatsUp Gold
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding two actively exploited security flaws to its Known Exploited Vulnerabilities (KEV) catalog, urging immedia ... Read more
- Cybersecurity News
Exploit Kits, Cryptominers, Proxyjackers: The New Face of Selenium Grid Abuse
Researchers at Cado Security Labs have uncovered two malicious campaigns that exploit misconfigured instances of Selenium Grid. Once a trusted tool for browser automation and testing, Selenium Grid ha ... Read more
- crowdstrike.com
September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs
Microsoft has released security updates for 79 vulnerabilities in its September 2024 Patch Tuesday rollout. These include four actively exploited zero-days (CVE-2024-38014, CVE-2024-38217, CVE-2024-38 ... Read more
- Cybersecurity News
Revival Hijack: A New PyPI Hijacking Technique Threatens Thousands of Packages
The JFrog security research team has uncovered a novel PyPI package hijacking method known as “Revival Hijack,” which has put over 22,000 packages at risk of exploitation. Unlike traditional typosquat ... Read more
- Cybersecurity News
North Korea Targets DeFi and Crypto Companies with Advanced Social Engineering Attacks
Please enable JavaScriptThe FBI has warned sternly about North Korean state-sponsored hackers employing highly sophisticated social engineering tactics to infiltrate decentralized finance (DeFi) and c ... Read more
- Cybersecurity News
Publicly Exposed GenAI Development Services Raise Serious Security Concerns
Access to the API without the need for any authentication | Image: Legit SecurityA new report released by Legit Security has raised significant concerns about the security posture of publicly accessib ... Read more
- tripwire.com
Tripwire Patch Priority Index for August 2024
Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that re ... Read more
- The Hacker News
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
Rootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the ... Read more
- BleepingComputer
North Korean hackers exploit Chrome zero-day to deploy rootkit
North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. "We assess ... Read more
- Help Net Security
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are ... Read more
- SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 34
The Good | Global Authorities Arrest Multi-Million Dollar Crypto Thieves & Charge An Extortion Gang Member Plenty of good news this week as global law enforcement efforts rounded up suspects behind a ... Read more
- SentinelOne
More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 34
The Good | Global Authorities Arrest Multi-Million Dollar Crypto Thieves & Charge An Extortion Gang Member Plenty of good news this week as global law enforcement efforts rounded up suspects behind a ... Read more
- Cybersecurity News
Log4j Exploited Again: New Campaign Targets Vulnerable Systems with Crypto-Mining and Backdoors
Despite its discovery over two years ago, the Log4j vulnerability, known as Log4Shell (CVE-2021-44228), continues to pose a significant threat to global cybersecurity. A recent report from Datadog Sec ... Read more
- TheCyberThrone
Microsoft Flaw CVE-2024-38193 exploited by Lazarus Group
During this month patch Tuesday, microsoft addressed nearly 90 flaws, some of which have already been exploited by hackers.One specific vulnerability, CVE-2024-38193 with a CVSS score of 7.8, is a Br ... Read more
- Help Net Security
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers ... Read more
- TheCyberThrone
F5 fixes NGINX and BIG-IP Vulnerabilities
F5 has recently released security advisories addressing vulnerabilities in its products. These vulnerabilities, if exploited, could lead to denial-of-service (DoS) attacks and unauthorized access, dis ... Read more
- security.nl
Windows-kwetsbaarheid sinds juni misbruikt voor installatie van rootkit
Aanvallers hebben sinds juni een kwetsbaarheid in Windows gebruikt voor de installatie van een rootkit, zo stelt securitybedrijf Gen Digital. Microsoft rolde vorige week dinsdag een beveiligingsupdate ... Read more
- Cybersecurity News
Lazarus Group Exploits Microsoft Zero-Days CVE-2024-38193, Patch Urgently
Last week, Microsoft addressed multiple high-severity security vulnerabilities in its security updates, some of which have already been exploited by hackers. For instance, the CVE-2024-38193 (CVSS 7.8 ... Read more
- BleepingComputer
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Image: Midjourney The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. ... Read more
- Ars Technica
Windows 0-day was exploited by North Korea to install advanced rootkit
LAZARUS STRIKES AGAIN — FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Getty Images A Windows zero-day vulnerability recently patched by Microsoft was explo ... Read more
- The Hacker News
Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CV ... Read more
- Cyber Security News
Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access
Security researchers at Avast have uncovered evidence that the notorious North Korean hacker group Lazarus exploited a previously unknown zero-day vulnerability in the Windows AFD.sys driver to gain k ... Read more
- crowdstrike.com
August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs
Microsoft has released security updates for 85 vulnerabilities in its August 2024 Patch Tuesday rollout. These include six actively exploited zero-days (CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, ... Read more
- security.nl
Microsoft dicht zes actief misbruikte kwetsbaarheden in Office en Windows
Tijdens de patchdinsdag van augustus heeft Microsoft zes kwetsbaarheden in Office en Windows verholpen die actief zijn misbruikt voordat de updates beschikbaar waren. Drie van de beveiligingslekken ma ... Read more
- The Hacker News
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits
Windows Security / Vulnerability Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of th ... Read more
- TheCyberThrone
CISA adds Microsoft Patch Tuesday bugs to its Catalog
The US CISA adds 6 Microsoft vulnerabilities to its Known Exploited Vulnerabilities Catalog that is released as part of patch Tuesday, August 2024.CVE-2024-38189 – Microsoft Project Remote Code Execut ... Read more
- TheCyberThrone
Microsoft Patch Tuesday-August 2024
Microsoft patched 90 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 82 rated as important, and one rated as moderate.This includes updates for vulnerabilities in Microsoft O ... Read more
- Cybersecurity News
CISA & Microsoft Warn of 6 Actively Exploited Zero-Day Vulnerabilities
Microsoft’s August 2024 Patch Tuesday release addresses 88 vulnerabilities, including seven critical flaws and 10 zero-day vulnerabilities. Among these, six are currently being actively exploited in t ... Read more
- Cyber Security News
Microsoft Patches 6 Zero-Days That Threat Actors Actively Exploiting
Microsoft has released its August 2024 Patch Tuesday update to address 90 security vulnerabilities. The update includes fixes for six zero-day flaws actively exploited across various products and serv ... Read more
- The Register
Patch Tuesday brings 90 new Microsoft CVEs, six already under exploit
Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from th ... Read more
- krebsonsecurity.com
Six 0-Days Lead Microsoft’s August 2024 Patch Push
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attac ... Read more
- tripwire.com
VERT Threat Alert: August 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.CVE ... Read more
- Dark Reading
Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update
Source: CC Photo Labs via ShutterstockAttackers are actively exploiting as many as six of the 90 vulnerabilities that Microsoft disclosed in its security update for August, making them a top priority ... Read more
- Help Net Security
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under ... Read more
- BleepingComputer
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an ... Read more
The following table lists the changes that have been made to the
CVE-2024-38193
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Aug. 14, 2024
Action Type Old Value New Value Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193 Patch, Vendor Advisory Added CWE NIST NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.10240.20751 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7259 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6189 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.4780 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.4780 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.3147 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.4037 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.4037 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.1457 *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* versions up to (excluding) 6.2.9200.25031 *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7259 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6189 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2655 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1085 -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Aug. 14, 2024
Action Type Old Value New Value Added Vulnerability Name Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Added Due Date 2024-09-03 Added Date Added 2024-08-13 Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. -
CVE Received by [email protected]
Aug. 13, 2024
Action Type Old Value New Value Added Description Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Added Reference Microsoft Corporation https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193 [No types assigned] Added CWE Microsoft Corporation CWE-416 Added CVSS V3.1 Microsoft Corporation AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-38193
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-38193
weaknesses.