CVE-2024-38064
Published: 09 July 2024
Summary
CVE-2024-38064 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 5.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Windows TCP/IP contains an information disclosure vulnerability tracked as CVE-2024-38064. The flaw is present in the Windows TCP/IP network stack and carries a CVSS 3.1 base score of 7.5, reflecting network-accessible disclosure of sensitive data without authentication.
An unauthenticated attacker can send specially crafted network packets to a vulnerable system and obtain confidential information from kernel memory. The attack requires no user interaction and can be performed remotely over the network, resulting in high confidentiality impact while leaving integrity and availability unaffected.
Microsoft has published guidance for the issue in its Security Response Center, including details on available security updates that address the vulnerability in supported Windows releases. The associated EPSS score has remained near 0.15 with only minor fluctuation between its recorded peak and current value.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37759
Vulnerability details
Windows TCP/IP Information Disclosure Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.