Cyber Resilience

CVE-2024-38107

HighCISA KEVActive ExploitationEUVD Exploited

Published: 13 August 2024

Published
13 August 2024
Modified
28 October 2025
KEV Added
13 August 2024
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0335 87.6th percentile
Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-38107 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 12.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-38107 is an elevation-of-privilege vulnerability in the Windows Power Dependency Coordinator component. It carries a CVSS 3.1 base score of 7.8 and is associated with CWE-416 (use-after-free). The flaw affects supported Windows releases and allows an attacker who already possesses a local session to obtain higher privileges on the system.

An authenticated local user with low privileges can trigger the vulnerability without user interaction, resulting in full compromise of confidentiality, integrity, and availability on the affected host. Successful exploitation therefore converts a limited foothold into SYSTEM-level access.

Microsoft’s security advisory and the CISA Known Exploited Vulnerabilities catalog both list the issue, confirming that patches are available and that active exploitation has been observed in the wild. The EPSS score remains flat at 0.0335 with no material increase since disclosure.

EU & UK References

Vulnerability details

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added
13 August 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
≤ 10.0.10240.20751
microsoft
windows 10 1607
≤ 10.0.14393.7259
microsoft
windows 10 1809
≤ 10.0.17763.6189
microsoft
windows 10 21h2
≤ 10.0.19044.4780
microsoft
windows 10 22h2
≤ 10.0.19045.4780
microsoft
windows 11 21h2
≤ 10.0.22000.3147
microsoft
windows 11 22h2
≤ 10.0.22621.4037
microsoft
windows 11 23h2
≤ 10.0.22631.4037
microsoft
windows 11 24h2
≤ 10.0.26100.1457
microsoft
windows server 2012
r2 · ≤ 6.2.9200.25031
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the vendor patch that eliminates the use-after-free flaw before local exploitation can succeed.

prevent

Enforces least-privilege execution so an attacker starts with fewer rights, raising the bar for successful escalation to SYSTEM via the coordinator component.

prevent

Implements memory-protection safeguards that can block or complicate exploitation of the CWE-416 use-after-free condition in the Power Dependency Coordinator.

References