CVE-2024-38100
Published: 09 July 2024
Summary
CVE-2024-38100 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows Server 2016. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 3.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-38100 is an elevation-of-privilege vulnerability in Windows File Explorer. It carries a CVSS 3.1 base score of 7.8 and is associated with CWE-284 improper access control. The flaw affects the local file-management component of supported Windows releases and allows an attacker who already possesses a user account on the system to obtain higher privileges.
An authenticated local attacker can exploit the issue without user interaction by invoking File Explorer functionality that improperly handles access checks. Successful exploitation grants the attacker full read, write, and execute rights equivalent to the highest-privileged account on the host, enabling arbitrary code execution, data theft, and persistence.
Microsoft has published remediation guidance and patches for the vulnerability through its Security Response Center at the listed advisory URL. Administrators are advised to apply the updates corresponding to their Windows versions as soon as they become available.
The associated EPSS score has reached a peak of 0.34 with a current value of 0.31, indicating moderate and relatively stable exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37785
Vulnerability details
Windows File Explorer Elevation of Privilege Vulnerability
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- The access control policy and procedures directly mandate and enforce proper access control mechanisms across the organization.
- Device lock enforces restricted access until re-authentication, directly reducing unauthorized use of active sessions.
- Supervision and review of access control activities directly detects and remediates improper access configurations or usages.
- Explicitly identifying and documenting actions permitted without identification or authentication enforces proper access control boundaries by defining justified exceptions.
- By automatically labeling outputs with security attributes, the control supports attribute-based enforcement and reduces exploitability of improper access control weaknesses.
- Associating and retaining security attributes with data directly supports enforcement of access control decisions across storage, processing, and transmission.
- Requiring prior authorization for each remote access type prevents improper access control over remote connections.
- Requiring authorization of wireless access before allowing connections enforces proper access control for this access method.