CVE-2024-38138

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 13, 2024
Updated: Aug 16, 2024
CWE ID 416

Summary

CVE-2024-38138 is a newly disclosed vulnerability affecting Windows Deployment Services. This issue grants an unauthenticated attacker the ability to execute arbitrary code on targeted Windows servers. Exploitation occurs through specially crafted DHCP options in DHCP responses, which trick the Windows Deployment Services into loading and executing malicious code. This poses a significant risk to organizations using these services, necessitating immediate patching to prevent potential attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Windows Server 2022
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019

Affected Vendors

  • Microsoft