CVE-2024-38122
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-38122 is a newly disclosed vulnerability affecting Microsoft's Local Security Authority (LSA) server. This issue permits an unauthenticated attacker to obtain sensitive information through a specially crafted message. The LSA server is a critical component of the Windows operating system responsible for managing security policies and user rights. Successful exploitation of this vulnerability could lead to significant security risks, including unauthorized access to system resources and potential privilege escalation. Microsoft has released a patch to address this issue and it is strongly recommended that users install the update as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows
- Microsoft Windows 11
- Microsoft Windows Server 2008
Affected Vendors
- Microsoft