9.8 CVE-2024-38063
Enriched by CISA Patch Exploit
Windows TCP/IP Remote Code Execution Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-38063
Categories
CWE-191 : Integer Underflow (Wrap or Wraparound)
This can happen in signed and unsigned cases.
CWE-NVD-noinfo
References
secure@microsoft.com Patch
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Patch Vendor Advisory |
AFFECTED (from MITRE)
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 Version 1809 |
|
| Microsoft | Windows Server 2019 |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
|
| Microsoft | Windows Server 2022 |
|
| Microsoft | Windows 11 version 21H2 |
|
| Microsoft | Windows 10 Version 21H2 |
|
| Microsoft | Windows 11 version 22H2 |
|
| Microsoft | Windows 10 Version 22H2 |
|
| Microsoft | Windows 11 version 22H3 |
|
| Microsoft | Windows 11 Version 23H2 |
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
|
| Microsoft | Windows 10 Version 1507 |
|
| Microsoft | Windows 10 Version 1607 |
|
| Microsoft | Windows Server 2016 |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows Server 2012 |
|
| Microsoft | Windows Server 2012 (Server Core installation) |
|
| Microsoft | Windows Server 2012 R2 |
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
|
| Microsoft | Windows 11 Version 24H2 |
|
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. | ||
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* | < 10.0.10240.20751 | |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* | < 10.0.14393.7259 | |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* | < 10.0.17763.6189 | |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* | < 10.0.19044.4780 | |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* | < 10.0.19045.4780 | |
| cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* | < 10.0.22000.3147 | |
| cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* | < 10.0.22621.4037 | |
| cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* | < 10.0.22631.4037 | |
| cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* | < 10.0.26100.1457 | |
| cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* | < 6.2.9200.25031 | |
| cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* | < 10.0.14393.7259 | |
| cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* | < 10.0.17763.6189 | |
| cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* | < 10.0.20348.2655 | |
| cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* | < 10.0.25398.1085 | |
REMEDIATION
Patch
| Url |
|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
