CVE-2024-38100
published 2024-07-09CVE-2024-38100: Windows File Explorer Elevation of Privilege Vulnerability
PriorityP278high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
4.52%
90.3th percentile
Windows File Explorer Elevation of Privilege Vulnerability
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2016 | < 10.0.14393.7159 | 10.0.14393.7159 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7159 | 10.0.14393.7159 |
| microsoft | windows_server_2019 | < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_server_2022 | < 10.0.20348.2582 | 10.0.20348.2582 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2582 | 10.0.20348.2582 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1009 | 10.0.25398.1009 |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is in Windows File Explorer and involves Elevation of Privilege to administrator level via Windows COM Session abuse ↗
- →Exploitation assessed as 'More Likely' by Microsoft — prioritize detection and patching on exposed Windows systems ↗
- →Successful exploitation grants administrator privileges — monitor for unexpected privilege escalation events originating from explorer.exe or COM-related processes ↗
- ·Multiple KB patches are required depending on the Windows version; customer action is required to remediate ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
vendor_msrc7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows File Explorer Elevation of Privilege Vulnerability
vendor_msrc·2024-07-09·CVSS 7.8
CVE-2024-38100 [HIGH] CWE-284 Windows File Explorer Elevation of Privilege Vulnerability
Windows File Explorer Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Windows COM Session: Windows COM Session
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430
Reference: https://support.microsoft.com/help/5040430
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437
Reference: https://support.microsoft.com/help/5040437
Reference: https://catalog.update.microsoft.co
GHSA
GHSA-6g5f-975p-ff7r: Windows File Explorer Elevation of Privilege Vulnerability
ghsa_unreviewed·2024-07-09
CVE-2024-38100 [HIGH] CWE-284 GHSA-6g5f-975p-ff7r: Windows File Explorer Elevation of Privilege Vulnerability
Windows File Explorer Elevation of Privilege Vulnerability
VulnCheck
Microsoft Windows Improper Access Control
vulncheck·2024·CVSS 7.8
CVE-2024-38100 [HIGH] Microsoft Windows Improper Access Control
Microsoft Windows Improper Access Control
Windows File Explorer Elevation of Privilege Vulnerability
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/
Suricata
ET NETBIOS Microsoft Windows SMB Client Race Condition Remote Code Execution
suricata·2010-12-22
CVE-2010-0017 ET NETBIOS Microsoft Windows SMB Client Race Condition Remote Code Execution
ET NETBIOS Microsoft Windows SMB Client Race Condition Remote Code Execution
Rule: alert tcp $EXTERNAL_NET 445 -> $HOME_NET any (msg:"ET NETBIOS Microsoft Windows SMB Client Race Condition Remote Code Execution"; flow:established,to_client; content:"|ff 53 4d 42 72|"; offset:4; depth:5; content:"|00 00 00 00|"; within:4; byte_test:4,<,4356,30,relative,little; reference:url,www.exploit-db.com/exploits/12258/; reference:cve,2010-0017; reference:bid,38100; reference:url,www.microsoft.com/technet/security/Bulletin/MS10-006.mspx; classtype:attempted-user; sid:2012084; rev:4; metadata:created_at 2010_12_22, cve CVE_2010_0017, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_i
No public exploits indexed.
Securelist
Vulnerability landscape analysis for Q4 2024
blogs_securelist·2025-02-26
Vulnerability landscape analysis for Q4 2024
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- Interesting vulnerabilities
- Conclusion and advice
Authors
- Alexander Kolesnikov
Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4, attackers leveraged undocumented RPC interfaces and targeted the Windows authentication mechanism.
## Statistics on registered vulnerabilities
This section contains statistics on registered vulnerabilities. Data is sourced from the CVE portal: cve.org.
Total number of registered vulnerabilities a
Securelist
Exploits and vulnerabilities in Q4 2024
blogs_securelist·2025-02-26·CVSS 6.5
CVE-2024-43572 [MEDIUM] Exploits and vulnerabilities in Q4 2024
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Most common published exploits
Vulnerability exploitation in APT attacks
Interesting vulnerabilities
CVE-2024-43572—Remote code execution vulnerability in Microsoft Management Console
CVE-2024-43451—NetNTLM hash disclosure vulnerability
CVE-2024-49039—Elevation of privilege vulnerability in Windows Task Scheduler
Conclusion and advice
Authors
Alexander Kolesnikov
Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4, attackers leve
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
## The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs 2024/07/09 Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Qualys
Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review
blogs_qualys·2024-07-09
Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for July 2024
Adobe Patches for July 2024
Zero-day Vulnerabilities Patched in July Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
Qualys Monthly Webinar Series
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024.
## Microsoft Patch Tuesday for July
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
# The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs
2024/07/09
Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Qualys
Microsoft and Adobe July 2024 Security Patches Explained | Qualys
blogs_qualys·2024-07-09
Microsoft and Adobe July 2024 Security Patches Explained | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for July 2024
- Adobe Patches for July 2024
- Zero-day Vulnerabilities Patched in July Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- Qualys Monthly Webinar Series
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024.
## Microsoft Patch Tue
2024-07-09
Published
Exploited in the wild