Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-38202

Опубликовано: 08 авг. 2024
Источник: nvd
CVSS3: 7.3
EPSS Низкий

Описание

Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this v

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03533
Низкий

7.3 High

CVSS3

Дефекты

CWE-284
NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-gw56-mg6j-26qj

CVSS3: 7.3
github
11 месяцев назад

Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs....

fstec логотип

BDU:2024-06432

CVSS3: 7.3
fstec
11 месяцев назад

Уязвимость центра обновлений операционных систем Windows, позволяющая нарушителю повысить свои привилегии

msrc логотип

CVE-2024-38202

CVSS3: 7.3
msrc
11 месяцев назад

Windows Update Stack Elevation of Privilege Vulnerability

EPSS

Процентиль: 87%
0.03533
Низкий

7.3 High

CVSS3

Дефекты

CWE-284
NVD-CWE-Other