CVE-2024-38044
Published: 09 July 2024
Summary
CVE-2024-38044 is a high-severity Numeric Truncation Error (CWE-197) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 10.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-38044 is a remote code execution vulnerability in the DHCP Server Service. It carries a CVSS 3.1 base score of 7.2 with the vector string AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H and is associated with CWE-197 and CWE-681. The flaw was publicly disclosed on 9 July 2024.
An attacker with high privileges on an affected DHCP server can exploit the issue over the network to execute arbitrary code, resulting in full compromise of confidentiality, integrity, and availability on the target system.
Microsoft has published remediation guidance for the vulnerability at the Microsoft Security Response Center advisory page referenced in the CVE record.
EPSS for the CVE rose from lower values after disclosure to a recorded peak of 0.0650 on 11 December 2025 before receding to the current level of 0.0476, indicating a period of increased exploitation interest following publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37742
Vulnerability details
DHCP Server Service Remote Code Execution Vulnerability
- CWE(s): CWE-197, CWE-681
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.