Cyber Resilience

CVE-2024-38193

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 13 August 2024

Published
13 August 2024
Modified
28 October 2025
KEV Added
13 August 2024
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.7323 98.8th percentile
Risk Priority 80 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-38193 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 1.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-38193 is a use-after-free vulnerability (CWE-416) in the Windows Ancillary Function Driver for WinSock that permits local elevation of privilege. The flaw affects supported Windows systems and carries a CVSS 3.1 score of 7.8, reflecting local attack vector, low complexity, and low required privileges with high impact on confidentiality, integrity, and availability.

An authenticated local attacker can trigger the flaw to escalate privileges and obtain full control over the affected system. Public exploit code is available, and the vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.

Microsoft’s security update guide provides official remediation details and patch availability, while CISA guidance emphasizes prompt application of vendor fixes for affected Windows installations.

The EPSS score reached a peak of 0.7519 and remains elevated at 0.7323, indicating sustained exploitation interest following disclosure.

EU & UK References

Vulnerability details

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added
13 August 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
≤ 10.0.10240.20751
microsoft
windows 10 1607
≤ 10.0.14393.7259
microsoft
windows 10 1809
≤ 10.0.17763.6189
microsoft
windows 10 21h2
≤ 10.0.19044.4780
microsoft
windows 10 22h2
≤ 10.0.19045.4780
microsoft
windows 11 21h2
≤ 10.0.22000.3147
microsoft
windows 11 22h2
≤ 10.0.22621.4037
microsoft
windows 11 23h2
≤ 10.0.22631.4037
microsoft
windows 11 24h2
≤ 10.0.26100.1457
microsoft
windows server 2008
all versions, r2
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of security-relevant patches that eliminate the use-after-free flaw in the Ancillary Function Driver.

prevent

Enforces least-privilege execution so that a low-privileged local account cannot reach the vulnerable kernel driver path.

prevent

Implements memory-protection mechanisms that can block or complicate exploitation of use-after-free conditions in kernel drivers.

References