CVE-2024-38138
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 13, 2024
Updated: Aug 16, 2024
CWE ID 416
Summary
CVE-2024-38138 is a newly disclosed vulnerability affecting Windows Deployment Services. This issue grants an unauthenticated attacker the ability to execute arbitrary code on targeted Windows servers. Exploitation occurs through specially crafted DHCP options in DHCP responses, which trick the Windows Deployment Services into loading and executing malicious code. This poses a significant risk to organizations using these services, necessitating immediate patching to prevent potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Windows Server 2022
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
Affected Vendors
- Microsoft