CVE-2024-38202 Windows Downdate: Improper Access Control in Microsoft Windows 10 Version 1607

Severity: 7.3 HIGH (NVD)
EPSS: 2.6% (top 14.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 8; latest update Aug 13

Description

Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft has developed a security update to mitigate this threat which was made avai

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9

Affected Packages (11 packages)

CVEListV5 | microsoft/windows_10_version_1607 | 10.0.14393.0 | 10.0.14393.7428
CVEListV5 | microsoft/windows_10_version_1809 | 10.0.17763.0 | 10.0.17763.6414
CVEListV5 | microsoft/windows_10_version_21h2 | 10.0.19043.0 | 10.0.19044.5011
CVEListV5 | microsoft/windows_10_version_22h2 | 10.0.19045.0 | 10.0.19045.5011
CVEListV5 | microsoft/windows_11_version_21h2 | 10.0.0 | 10.0.22000.3260

Patches

🔴 Vulnerability Details (2)

CVEList: Windows Update Stack Elevation of Privilege Vulnerability (2024-08-08)
GHSA: GHSA-gw56-mg6j-26qj: Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user (2024-08-08)

📋 Vendor Advisories (1)

Microsoft: Windows Update Stack Elevation of Privilege Vulnerability (2024-08-13)