7.3
HIGH
CVE-2024-38202
Windows Backup Elevation of Privilege Vulnerability
Description

Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202

INFO

Published Date :

Aug. 8, 2024, 2:15 a.m.

Last Modified :

Sept. 18, 2024, 12:15 a.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.3
Public PoC/Exploit Available at Github

CVE-2024-38202 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-38202 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows_server_2016
2 Microsoft windows_server_2019
3 Microsoft windows_10_1607
4 Microsoft windows_10_1809
5 Microsoft windows_10_21h2
6 Microsoft windows_10_22h2
7 Microsoft windows_server_2022
8 Microsoft windows_11_21h2
9 Microsoft windows_11_22h2
10 Microsoft windows_11_23h2
11 Microsoft windows_server_2022_23h2
12 Microsoft windows_server_23h2
: Total Affected Vendor : 1 | Products : 12
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-38202.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202 Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
RaphaelEjike/Mitigating_CVEs

None

Updated: 2 days, 7 hours ago
0 stars 0 fork 0 watcher
Born at : Sept. 16, 2024, 6:07 p.m. This repo has been linked 3 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-38202 vulnerability anywhere in the article.

  • Cybersecurity News
Faraday: Open Source Vulnerability Management Platform

In today’s complex cybersecurity landscape, security teams face the dual challenge of uncovering new vulnerabilities and efficiently managing remediation efforts. Faraday emerges as a powerful solutio ... Read more

Published Date: Sep 17, 2024 (1 day, 23 hours ago)
CVE-2024-28991 CVE-2024-28990 CVE-2024-6671 CVE-2024-6670 CVE-2024-40766 CVE-2024-38202 CVE-2024-21302 CVE-2024-36401
  • Cybersecurity News
BadIIS Malware : 35+ IIS Servers Compromised in DragonRank Campaign

A recent report from Cisco Talos has exposed a new threat actor named DragonRank, a Chinese-speaking group specializing in SEO manipulation and cyberattacks. This group operates by exploiting vulnerab ... Read more

Published Date: Sep 15, 2024 (3 days, 1 hour ago)
CVE-2024-6342 CVE-2024-7971 CVE-2024-7965 CVE-2024-28000 CVE-2024-38202 CVE-2024-21302 CVE-2024-3080 CVE-2017-7269
  • Help Net Security
September 2024 Patch Tuesday forecast: Downgrade is the new exploit

I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applicat ... Read more

Published Date: Sep 06, 2024 (1 week, 5 days ago)
CVE-2024-38202 CVE-2024-21302
  • Cybersecurity News
ECDSA Vulnerability in YubiKey: What You Need to Know

OLYMPUS DIGITAL CAMERAIn a recent security advisory, Yubico disclosed a moderate vulnerability (CVE-2024-45678) affecting several of its hardware security devices, including the widely-used YubiKey 5 ... Read more

Published Date: Sep 05, 2024 (2 weeks ago)
CVE-2024-45678 CVE-2024-7971 CVE-2024-7965 CVE-2023-31315 CVE-2024-38202 CVE-2024-21302 CVE-2024-3080 CVE-2024-31497 CVE-2024-31498
  • Cybersecurity News
CISA Issues Alert: Three Actively Exploited Vulnerabilities Demand Immediate Attention

The Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting their active exploitation in the ... Read more

Published Date: Sep 04, 2024 (2 weeks, 1 day ago)
CVE-2024-8105 CVE-2024-7262 CVE-2024-7570 CVE-2024-7569 CVE-2024-38202 CVE-2024-21302 CVE-2021-20124 CVE-2021-20123
  • BleepingComputer
Windows Downdate tool lets you 'unpatch' Windows systems

SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, an ... Read more

Published Date: Aug 27, 2024 (3 weeks, 1 day ago)
CVE-2024-38202 CVE-2024-21302 CVE-2023-21768 CVE-2022-34709 CVE-2021-27090
  • Cybersecurity News
CVE-2024-7272: Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published

A critical security vulnerability, identified as CVE-2024-7272, has been uncovered in FFmpeg, the world’s leading multimedia framework renowned for its ability to decode, encode, and stream nearly any ... Read more

Published Date: Aug 21, 2024 (4 weeks ago)
CVE-2024-7971 CVE-2024-7965 CVE-2024-7272 CVE-2023-31315 CVE-2024-38202 CVE-2024-21302 CVE-2024-22862 CVE-2024-22860 CVE-2022-2566
  • Kaspersky
Windows Downdate: exploitation techniques and countermeasures

All software applications, including operating systems, contain vulnerabilities, so regular updates to patch them are a cornerstone of cybersecurity. The researchers who invented the Windows Downdate ... Read more

Published Date: Aug 20, 2024 (4 weeks, 1 day ago)
CVE-2024-38202 CVE-2024-21302
  • Cyber Security News
PoC Exploit Released for Windows 0-Day Downgrade Attack

A proof-of-concept (PoC) exploit has been publicly released for a pair of critical zero-day vulnerabilities in Microsoft Windows that enable a novel “downgrade attack.” The flaws tracked as CVE-2024-3 ... Read more

Published Date: Aug 20, 2024 (4 weeks, 1 day ago)
CVE-2024-38202 CVE-2024-21302
  • Cybersecurity News
PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released

Researchers have published the technical details and proof-of-concept (PoC) exploit code for two critical zero-day vulnerabilities in Windows, tracked as CVE-2024-38202 and CVE-2024-21302. These vulne ... Read more

Published Date: Aug 20, 2024 (4 weeks, 1 day ago)
CVE-2024-7971 CVE-2024-7965 CVE-2023-31315 CVE-2024-38202 CVE-2024-21302
  • Cybersecurity News
Windows TCP/IP Vulnerability CVE-2024-38063: Researchers Hold Back Exploit Details Due to High Risk

In a recent August Patch Tuesday, Microsoft urgently addressed a critical security vulnerability within the Windows TCP/IP stack, identified as CVE-2024-38063. With a CVSS score of 9.8, this flaw has ... Read more

Published Date: Aug 15, 2024 (1 month ago)
CVE-2024-7570 CVE-2024-7569 CVE-2024-38063 CVE-2024-38202 CVE-2024-21302 CVE-2024-20416 CVE-2024-22442 CVE-2024-36401
  • Cybersecurity News
Adobe Issues Critical Security Updates for Commerce and Magento Platforms

Adobe has released a critical security update for its widely-used e-commerce platforms, Adobe Commerce and Magento Open Source. The update addresses a range of vulnerabilities, some of which could all ... Read more

Published Date: Aug 15, 2024 (1 month ago)
CVE-2024-39418 CVE-2024-39404 CVE-2024-39402 CVE-2024-39401 CVE-2024-39400 CVE-2024-39399 CVE-2024-39398 CVE-2024-39397 CVE-2024-7570 CVE-2024-7569 ...+7 more CVE
  • Cybersecurity News
CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory detailing multiple critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities, ... Read more

Published Date: Aug 15, 2024 (1 month ago)
CVE-2024-7570 CVE-2024-7569 CVE-2024-42001 CVE-2024-41936 CVE-2024-39815 CVE-2024-39791 CVE-2024-37023 CVE-2024-29082 CVE-2024-41161 CVE-2024-38202 ...+6 more CVE
  • crowdstrike.com
August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs

Microsoft has released security updates for 85 vulnerabilities in its August 2024 Patch Tuesday rollout. These include six actively exploited zero-days (CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, ... Read more

Published Date: Aug 14, 2024 (1 month ago)
CVE-2024-38213 CVE-2024-38199 CVE-2024-38193 CVE-2024-38189 CVE-2024-38178 CVE-2024-38160 CVE-2024-38159 CVE-2024-38140 CVE-2024-38109 CVE-2024-38107 ...+5 more CVE
  • security.nl
Microsoft dicht zes actief misbruikte kwetsbaarheden in Office en Windows

Tijdens de patchdinsdag van augustus heeft Microsoft zes kwetsbaarheden in Office en Windows verholpen die actief zijn misbruikt voordat de updates beschikbaar waren. Drie van de beveiligingslekken ma ... Read more

Published Date: Aug 14, 2024 (1 month ago)
CVE-2024-38213 CVE-2024-38199 CVE-2024-38193 CVE-2024-38189 CVE-2024-38178 CVE-2024-38107 CVE-2024-38106 CVE-2024-38200 CVE-2024-38202 CVE-2024-21302
  • The Cyber Express
Microsoft Tackles 9 Zero-Day Exploits in August 2024 Patch Tuesday Update

Microsoft has released its August 2024 Patch Tuesday update, addressing multiple vulnerabilities across its software ecosystem. This month’s update features fixes for a total of 90 vulnerabilities, in ... Read more

Published Date: Aug 14, 2024 (1 month ago)
CVE-2024-38199 CVE-2024-38160 CVE-2024-38159 CVE-2024-38140 CVE-2024-38109 CVE-2024-38063 CVE-2024-38200 CVE-2024-38202 CVE-2024-21302 CVE-2024-38206 ...+3 more CVE
  • The Hacker News
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

Windows Security / Vulnerability Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of th ... Read more

Published Date: Aug 14, 2024 (1 month ago)
CVE-2024-38213 CVE-2024-38199 CVE-2024-38198 CVE-2024-38193 CVE-2024-38189 CVE-2024-38178 CVE-2024-38107 CVE-2024-38106 CVE-2024-6768 CVE-2024-38200 ...+4 more CVE
  • TheCyberThrone
Microsoft Patch Tuesday-August 2024

Microsoft patched 90 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 82 rated as important, and one rated as moderate.This includes updates for vulnerabilities in Microsoft O ... Read more

Published Date: Aug 14, 2024 (1 month ago)
CVE-2024-38163 CVE-2024-38223 CVE-2024-38215 CVE-2024-38214 CVE-2024-38213 CVE-2024-38211 CVE-2024-38201 CVE-2024-38199 CVE-2024-38198 CVE-2024-38197 ...+83 more CVE
  • Cybersecurity News
CISA & Microsoft Warn of 6 Actively Exploited Zero-Day Vulnerabilities

Microsoft’s August 2024 Patch Tuesday release addresses 88 vulnerabilities, including seven critical flaws and 10 zero-day vulnerabilities. Among these, six are currently being actively exploited in t ... Read more

Published Date: Aug 14, 2024 (1 month ago)
CVE-2024-38213 CVE-2024-38199 CVE-2024-38193 CVE-2024-38189 CVE-2024-38178 CVE-2024-38107 CVE-2024-38106 CVE-2024-38200 CVE-2024-38202 CVE-2024-21302 ...+2 more CVE
  • The Register
Patch Tuesday brings 90 new Microsoft CVEs, six already under exploit

Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from th ... Read more

Published Date: Aug 14, 2024 (1 month ago)
CVE-2024-38213 CVE-2024-38199 CVE-2024-38193 CVE-2024-38189 CVE-2024-38178 CVE-2024-38107 CVE-2024-38106 CVE-2024-41730 CVE-2024-38200 CVE-2024-38202 ...+1 more CVE
  • Dark Reading
Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update

Source: CC Photo Labs via ShutterstockAttackers are actively exploiting as many as six of the 90 vulnerabilities that Microsoft disclosed in its security update for August, making them a top priority ... Read more

Published Date: Aug 13, 2024 (1 month ago)
CVE-2024-38213 CVE-2024-38193 CVE-2024-38189 CVE-2024-38178 CVE-2024-38107 CVE-2024-38106 CVE-2024-38202 CVE-2024-21302
  • Help Net Security
Microsoft fixes 6 zero-days under active attack

August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under ... Read more

Published Date: Aug 13, 2024 (1 month ago)
CVE-2024-38213 CVE-2024-38199 CVE-2024-38193 CVE-2024-38189 CVE-2024-38178 CVE-2024-38109 CVE-2024-38107 CVE-2024-38106 CVE-2024-38200 CVE-2024-38202 ...+2 more CVE
  • Cybersecurity News
QuickShell Security Flaw Exposes Google Quick Share Users to Remote Attacks

Image Credit: SafeBreach LabsGoogle’s Quick Share, a popular tool for file sharing across Android, Windows, and Chrome OS devices, has recently come under scrutiny following the discovery of serious s ... Read more

Published Date: Aug 12, 2024 (1 month ago)
CVE-2024-38202 CVE-2024-21302 CVE-2024-20416 CVE-2024-22442 CVE-2024-36401 CVE-2024-38272 CVE-2024-38271 CVE-2024-36971
  • Cybersecurity News
Dark Skippy: New Threat Steals Secret Keys from Signing Devices

A serious security threat called Dark Skippy has emerged in the cryptocurrency world. This method allows malicious actors to extract private keys from transaction signing devices, such as hardware wal ... Read more

Published Date: Aug 12, 2024 (1 month ago)
CVE-2024-38202 CVE-2024-21302 CVE-2024-38856 CVE-2024-41637 CVE-2024-40075 CVE-2024-27348
  • The Hacker News
Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Vulnerability / Enterprise Security Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicio ... Read more

Published Date: Aug 10, 2024 (1 month, 1 week ago)
CVE-2024-38200 CVE-2024-38202 CVE-2024-21302
  • The Cyber Express
Downgrade Attacks Could Affect Fully Updated Windows Systems With Previously Patched Vulnerabilities

A security researcher has uncovered a new threat within the Windows operating system that challenges the very notion of a fully-patched system. The new threat demonstrated by the researcher-built tool ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302
  • The Hacker News
Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Windows Security / Vulnerability Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architectu ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302
  • Help Net Security
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploit ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302
  • security.nl
Windows kwetsbaar voor downgrade-aanval via Windows Update

Windows is kwetsbaar voor een downgrade-aanval, waarbij een aanvaller die toegang tot een systeem heeft via Windows Update aanwezige patches permanent kan verwijderen. Het besturingssysteem denkt na d ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302
  • Cyber Security News
Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems to Old Vulnerabilities

Every software and operating system vendor has been implementing security measures to protect their products. This is because threat actors require a lot of time to find a zero-day but less time to fi ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302 CVE-2022-21894
  • The Register
Your victim's Windows PC fully patched? Just force undo its updates and exploit away

Black Hat Techniques to forcibly remove security patches from Windows machines so that fixed vulnerabilities are exploitable again were demonstrated this week. These methods are a handy means for rogu ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302
  • Cybersecurity News
Zero-Day Vulnerability: 18 Years of Exploiting the ‘0.0.0.0’ Flaw

A study revealed a hidden vulnerability that has plagued the world’s largest browsers for 18 years, leaving private and corporate networks susceptible to cyberattacks. Researchers from Oligo Security ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302 CVE-2024-42222 CVE-2024-42062 CVE-2024-36268 CVE-2024-6457 CVE-2024-39891 CVE-2012-4792
  • Cybersecurity News
CVE-2024-21302, CVE-2024-38202: Zero-Day Vulnerabilities Expose Windows Systems to “Unpatching” Attacks

At Black Hat 2024, security researcher Alon Leviev from SafeBreach security researcher unveiled two zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202) that could be exploited to reverse patches ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302 CVE-2024-38856 CVE-2024-41637 CVE-2024-40075 CVE-2023-46685 CVE-2024-27348
  • BleepingComputer
Windows Update downgrade attack "unpatches" fully-updated systems

SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, Windows 11, and Windows Server s ... Read more

Published Date: Aug 07, 2024 (1 month, 1 week ago)
CVE-2024-38202 CVE-2024-21302

The following table lists the changes that have been made to the CVE-2024-38202 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    Sep. 18, 2024

    Action Type Old Value New Value
    Changed Description Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update... Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202
  • Initial Analysis by [email protected]

    Sep. 12, 2024

    Action Type Old Value New Value
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202 Patch, Vendor Advisory
    Added CWE NIST NVD-CWE-Other
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Aug. 16, 2024

    Action Type Old Value New Value
    Changed Description Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available. Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors. Audit File System - Windows 10 | Microsoft Learn Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn Audit users with permission to perform Update and Restore operations to ensure only the appropriate users can perform these operations. Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Update files and perform Restore operations to appropriate users, for example administrators only. Access Control overview | Microsoft Learn Discretionary Access Control Lists (DACL) Auditing sensitive privileges used to identify access, modification, or replacement of Update related files could help indicate attempts to exploit this vulnerability. Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update...
  • CVE Modified by [email protected]

    Aug. 13, 2024

    Action Type Old Value New Value
    Changed Description Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available. Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors. Audit File System - Windows 10 | Microsoft Learn Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn Audit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations. Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only. Access Control overview | Microsoft Learn Discretionary Access Control Lists (DACL) Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability. Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available. Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors. Audit File System - Windows 10 | Microsoft Learn Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn Audit users with permission to perform Update and Restore operations to ensure only the appropriate users can perform these operations. Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Update files and perform Restore operations to appropriate users, for example administrators only. Access Control overview | Microsoft Learn Discretionary Access Control Lists (DACL) Auditing sensitive privileges used to identify access, modification, or replacement of Update related files could help indicate attempts to exploit this vulnerability. Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn
  • CVE Modified by [email protected]

    Aug. 08, 2024

    Action Type Old Value New Value
    Changed Description Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available. Audit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations. Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only. Access Control overview | Microsoft Learn Discretionary Access Control Lists (DACL) Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability. Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available. Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors. Audit File System - Windows 10 | Microsoft Learn Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn Audit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations. Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only. Access Control overview | Microsoft Learn Discretionary Access Control Lists (DACL) Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability. Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn
  • CVE Received by [email protected]

    Aug. 08, 2024

    Action Type Old Value New Value
    Added Description Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available. Audit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations. Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only. Access Control overview | Microsoft Learn Discretionary Access Control Lists (DACL) Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability. Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn
    Added Reference Microsoft Corporation https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202 [No types assigned]
    Added CWE Microsoft Corporation CWE-284
    Added CVSS V3.1 Microsoft Corporation AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-38202 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-38202 weaknesses.

CAPEC-19: Embedding Scripts within Scripts Embedding Scripts within Scripts CAPEC-441: Malicious Logic Insertion Malicious Logic Insertion CAPEC-478: Modification of Windows Service Configuration Modification of Windows Service Configuration CAPEC-479: Malicious Root Certificate Malicious Root Certificate CAPEC-502: Intent Spoof Intent Spoof CAPEC-503: WebView Exposure WebView Exposure CAPEC-536: Data Injected During Configuration Data Injected During Configuration CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment Incomplete Data Deletion in a Multi-Tenant Environment CAPEC-550: Install New Service Install New Service CAPEC-551: Modify Existing Service Modify Existing Service CAPEC-552: Install Rootkit Install Rootkit CAPEC-556: Replace File Extension Handlers Replace File Extension Handlers CAPEC-558: Replace Trusted Executable Replace Trusted Executable CAPEC-562: Modify Shared File Modify Shared File CAPEC-563: Add Malicious File to Shared Webroot Add Malicious File to Shared Webroot CAPEC-564: Run Software at Logon Run Software at Logon CAPEC-578: Disable Security Software Disable Security Software
CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: