CVE-2024-38124Improper Authentication in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-287Improper Authentication8 documents7 sources
Severity
9.0CRITICALNVD
EPSS
0.3%
top 43.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Microsoft Windows Server 2008 R2 Service Pack 1Microsoft Windows Server 2008 Service Pack 2Microsoft Windows Server 2012+6 more
Timeline
PublishedOct 8

Description

Windows Netlogon Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages8 packages

NVDmicrosoft/windows< 10.0.14393.7428+4
CVEListV5microsoft/windows_server_20126.2.9200.06.2.9200.25118
CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.7428
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.6414
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.2762

Patches

Patch: msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-m454-2xvj-mc27: Windows Netlogon Elevation of Privilege Vulnerability2024-10-08
CVEList
Windows Netlogon Elevation of Privilege Vulnerability2024-10-08

📋Vendor Advisories

1
Microsoft
Windows Netlogon Elevation of Privilege Vulnerability2024-10-08

🕵️Threat Intelligence

4
Bleepingcomputer
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws2024-10-08
Trendmicro
The October 2024 Security Update Review2024-10-08
Trendmicro
The October 2024 Security Update Review2024-10-08
Tenable
Microsoft’s October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)2024-10-08
CVE-2024-38124 — Improper Authentication in Microsoft | cvebase