CVE-2024-30038
published 2024-05-14CVE-2024-30038: Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
2.55%
83.0th percentile
Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20651 | 10.0.10240.20651 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6981 | 10.0.14393.6981 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.5820 | 10.0.17763.5820 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.5820 | 10.0.17763.5820 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.4412 | 10.0.19044.4412 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.4412 | 10.0.19045.4412 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2960 | 10.0.22000.2960 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.3593 | 10.0.22621.3593 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.3593 | 10.0.22631.3593 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.3593 | 10.0.22631.3593 |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24868 | 6.2.9200.24868 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21972 | 6.3.9600.21972 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6981 | 10.0.14393.6981 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.5820 | 10.0.17763.5820 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2461 | 10.0.20348.2461 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvelistv57.8HIGH
vendor_msrc7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Win32k Elevation of Privilege Vulnerability
vendor_msrc·2024-05-14·CVSS 7.8
CVE-2024-30038 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.
Windows Win32K - ICOMP: Windows Win32K - ICOMP
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037765
Reference: https://support.microsoft.com/help/5037765
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037782
Reference: https://support.microsoft.com/help/5037782
CVEList
Win32k Elevation of Privilege Vulnerability
cvelistv5·2024-05-14·CVSS 7.8
CVE-2024-30038 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
No detection rules found.
Qualys
Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review
blogs_qualys·2024-05-14
Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for May 2024
Adobe Patches for May 2024
Zero-day Vulnerabilities Patched in May Patch Tuesday Edition
Critical Severity Vulnerability Patched in May Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
Qualys Monthly Webinar Series
Microsoft has released its May edition of Patch Tuesday. Let’s take a deep dive into the crucial insights from Microsoft’s Patch Tuesday updates for May 2024.
## Microsoft Patch Tuesday for May 2024
Microsoft Patch Tuesday’s May 2024 edition addressed 67 vulnerabilities, including one critical and 59 important severity vulnerabilities.
Trendmicro
The May 2024 Security Update Review
blogs_trendmicro·2024-05-14·CVSS 7.8
[HIGH] The May 2024 Security Update Review
# The May 2024 Security Update Review
Get the May 2024 security update and review.
By: Dustin Childs
2024/05/14
Read time: ( words)
Save to Folio
Welcome to the second Tuesday of May. As expected, Adobe and Microsoft have released their standard bunch of security patches. Take a break from your regular activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Apple Patches for May 2024
Apple kicked off the May release cycle with a group of updates for their macOS and iOS platforms. Most notable is a fix for CVE-2024-23296 for iOS 16.7.8 and iPadOS 16.7.8. This vulnerability is a memory corruption issue in RTKit that could allow attackers to bypass kernel memory protec
Qualys
Microsoft Patch Tuesday May 2024: Critical Fixes | Qualys
blogs_qualys·2024-05-14
Microsoft Patch Tuesday May 2024: Critical Fixes | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for May 2024
- Adobe Patches for May 2024
- Zero-day Vulnerabilities Patched in May Patch Tuesday Edition
- Critical Severity Vulnerability Patched in May Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- Qualys Monthly Webinar Series
Microsoft has released its May edition of Patch Tuesday. Let’s take a deep dive into the crucial insights from Microsoft’s Patch Tuesday updates for May 2024.
## Microsoft Patch Tuesday for May 2024
Microsoft Patch Tuesday’s May 2024 edition addressed 67 vulnerabilities, including one critical and 59 important severity vulne
Trendmicro
The May 2024 Security Update Review
blogs_trendmicro·2024-05-14·CVSS 7.8
[HIGH] The May 2024 Security Update Review
## The May 2024 Security Update Review
Get the May 2024 security update and review.
By: Dustin Childs 2024/05/14 Read time: ( words)
Save to Folio
Welcome to the second Tuesday of May. As expected, Adobe and Microsoft have released their standard bunch of security patches. Take a break from your regular activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Apple Patches for May 2024
Apple kicked off the May release cycle with a group of updates for their macOS and iOS platforms. Most notable is a fix for CVE-2024-23296 for iOS 16.7.8 and iPadOS 16.7.8 . This vulnerability is a memory corruption issue in RTKit that could allow attackers to bypass kernel memory prote
Bleepingcomputer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
blogs_bleepingcomputer·2024-05-14·CVSS 8.8
[HIGH] Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
## Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
## Lawrence Abrams
17 Elevation of Privilege Vulnerabilities
2 Security Feature Bypass Vulnerabilities
27 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
4 Spoofing Vulnerabilities
The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four fixed on May 10th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5037771 cumulative update and the Windows 10 KB5037768 update .
## Three zero-days fixed
This month's Patch Tuesday fixes two actively exploited and one publicly disclosed zero-day vulnerabilities.
Microsoft classifies a zero-day as a flaw
2024-05-14
Published