CVE-2024-30027 — Double Free in Microsoft Windows 10 Version 1507

CWE-415 — Double Free5 documents4 sources

Severity

7.8HIGHCNA

No vector

EPSS

0.3%

top 42.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +13 more

Timeline

PublishedMay 14

Description

NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability

Affected Packages16 packages

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.24868

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.6981

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.5820

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.2461

▶CVEListV5microsoft/windows_server_2012_r26.3.9600.0 — 6.3.9600.21972

🔴Vulnerability Details

CVEList

NTFS Elevation of Privilege Vulnerability↗2024-05-14

▶

📋Vendor Advisories

Microsoft

NTFS Elevation of Privilege Vulnerability↗2024-05-14

▶

🕵️Threat Intelligence

Trendmicro

The May 2024 Security Update Review↗2024-05-14

▶

Trendmicro

The May 2024 Security Update Review↗2024-05-14

▶

Bleepingcomputer

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws↗2024-05-14

▶

External resources

NVD MITRE

Affected products16

Microsoft Windows 10 Version 1507≥ 10.0.10240.0, < 10.0.10240.20651

Microsoft Windows 10 Version 1607≥ 10.0.14393.0, < 10.0.14393.6981

Microsoft Windows 10 Version 1809≥ 10.0.17763.0, < 10.0.17763.5820≥ 10.0.0, < 10.0.17763.5820

Microsoft Windows 10 Version 21h2≥ 10.0.19043.0, < 10.0.19044.4412

Microsoft Windows 10 Version 22h2≥ 10.0.19045.0, < 10.0.19045.4412

Microsoft Windows 11 Version 21h2≥ 10.0.0, < 10.0.22000.2960

Microsoft Windows 11 Version 22h2≥ 10.0.22621.0, < 10.0.22621.3593

Microsoft Windows 11 Version 22h3≥ 10.0.22631.0, < 10.0.22631.3593

Microsoft Windows 11 Version 23h2≥ 10.0.22631.0, < 10.0.22631.3593

Microsoft Windows Server 2008 R2 Service Pack 1≥ 6.1.7601.0, < 6.1.7601.27117

Disclosure

PublishedMay 14, 2024