CVE-2024-38122

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 13, 2024
Updated: Aug 16, 2024
CWE ID 908

Summary

CVE-2024-38122 is a newly disclosed vulnerability affecting Microsoft's Local Security Authority (LSA) server. This issue permits an unauthenticated attacker to obtain sensitive information through a specially crafted message. The LSA server is a critical component of the Windows operating system responsible for managing security policies and user rights. Successful exploitation of this vulnerability could lead to significant security risks, including unauthorized access to system resources and potential privilege escalation. Microsoft has released a patch to address this issue and it is strongly recommended that users install the update as soon as possible to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows
  • Microsoft Windows 11
  • Microsoft Windows Server 2008

Affected Vendors

  • Microsoft