Cyber Resilience

CVE-2024-38100

HighLPE

Published: 09 July 2024

Published
09 July 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.3076 96.8th percentile
Risk Priority 34 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-38100 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows Server 2016. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 3.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-38100 is an elevation-of-privilege vulnerability in Windows File Explorer. It carries a CVSS 3.1 base score of 7.8 and is associated with CWE-284 improper access control. The flaw affects the local file-management component of supported Windows releases and allows an attacker who already possesses a user account on the system to obtain higher privileges.

An authenticated local attacker can exploit the issue without user interaction by invoking File Explorer functionality that improperly handles access checks. Successful exploitation grants the attacker full read, write, and execute rights equivalent to the highest-privileged account on the host, enabling arbitrary code execution, data theft, and persistence.

Microsoft has published remediation guidance and patches for the vulnerability through its Security Response Center at the listed advisory URL. Administrators are advised to apply the updates corresponding to their Windows versions as soon as they become available.

The associated EPSS score has reached a peak of 0.34 with a current value of 0.31, indicating moderate and relatively stable exploitation interest since disclosure.

EU & UK References

Vulnerability details

Windows File Explorer Elevation of Privilege Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows server 2016
≤ 10.0.14393.7159
microsoft
windows server 2019
≤ 10.0.17763.6054
microsoft
windows server 2022
≤ 10.0.20348.2582
microsoft
windows server 2022 23h2
≤ 10.0.25398.1009

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-284

The access control policy and procedures directly mandate and enforce proper access control mechanisms across the organization.

addresses: CWE-284

Device lock enforces restricted access until re-authentication, directly reducing unauthorized use of active sessions.

addresses: CWE-284

Supervision and review of access control activities directly detects and remediates improper access configurations or usages.

addresses: CWE-284

Explicitly identifying and documenting actions permitted without identification or authentication enforces proper access control boundaries by defining justified exceptions.

addresses: CWE-284

By automatically labeling outputs with security attributes, the control supports attribute-based enforcement and reduces exploitability of improper access control weaknesses.

addresses: CWE-284

Associating and retaining security attributes with data directly supports enforcement of access control decisions across storage, processing, and transmission.

addresses: CWE-284

Requiring prior authorization for each remote access type prevents improper access control over remote connections.

addresses: CWE-284

Requiring authorization of wireless access before allowing connections enforces proper access control for this access method.

References