⚠ Actively exploited
Added to CISA KEV on 2024-08-13. Federal agencies required to patch by 2024-09-03. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..
CVE-2024-38193 — Use After Free in Microsoft Windows 10 Version 1507
Severity
7.8HIGHNVD
EPSS
74.8%
top 1.13%
CISA KEV
KEV
Added 2024-08-13
Due 2024-09-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedAug 13
KEV addedAug 13
KEV dueSep 3
Latest updateMay 9
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages27 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-82w9-g9wm-675r: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability↗2024-08-13
CVEList
▶
VulnCheck
▶
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation↗2025-05-09