CVE-2024-38159 — Use After Free in Microsoft Windows 10 Version 1607

CWE-416 — Use After Free12 documents8 sources

Severity

9.1CRITICALNVD

EPSS

3.0%

top 13.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1607 Microsoft Windows Server 2016 Microsoft Windows 10 1607 +3 more

Timeline

PublishedAug 13

Description

Windows Network Virtualization Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages7 packages

▶NVDmicrosoft/windows< 10.0.14393.7259

▶NVDmicrosoft/windows_10_1607< 10.0.14393.7259

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.7259

▶CVEListV5microsoft/windows_10_version_160710.0.14393.0 — 10.0.14393.7259

▶msrcmsrc/windows_server_2016

Patches

Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-6jh6-jwrq-3f9r: Windows Network Virtualization Remote Code Execution Vulnerability↗2024-08-13

▶

📋Vendor Advisories

Microsoft

Windows Network Virtualization Remote Code Execution Vulnerability↗2024-08-13

▶

🕵️Threat Intelligence

Trendmicro

The August 2024 Security Update Review↗2024-08-13

▶

Talos

Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed↗2024-08-13

▶

Qualys

Microsoft and Adobe Patch Tuesday, August 2024 Security Update Review↗2024-08-13

▶

Qualys

Microsoft & Adobe August 2024 Patch Tuesday Updates | Qualys↗2024-08-13

▶

Bleepingcomputer

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited↗2024-08-13

▶