CVE-2024-38202
CVSS 3.1 Score 7.3 of 10 (high)
Details
Summary
CVE-2024-38202: Microsoft has addressed an elevation of privilege vulnerability in Windows Update. This issue allows an attacker with basic user privileges to potentially reintroduce previously mitigated vulnerabilities or bypass Virtualization Based Security (VBS) features. For exploitation, the attacker needs a privileged user to perform a system restore, which inadvertently triggers the vulnerability. Microsoft released a security update on October 8, 2024, and customers can download it from the CVE's security updates table. Additional steps may be necessary to protect Windows Recovery Environment (WinRE) for certain Windows versions. Customers unable to apply the update right away can find guidance in the Recommended Actions section to minimize risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows Server 2016
- Windows Server 2022
- Microsoft Windows Server 2019
- Microsoft Windows 10 1607
- Microsoft Windows 10
Affected Vendors
- Microsoft