CVE-2024-38091 is a vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0) related to the WS-Discovery service, a network protocol used for discovering services on a local network. The vulnerability is classified under CWE-166, which involves improper handling of missing special elements during processing. Specifically, the WS-Discovery service does not correctly handle certain malformed or missing elements in network messages, which can cause the service to crash or become unresponsive, resulting in a denial of service (DoS) condition. The CVSS v3.1 base score is 7.5, indicating a high severity level. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), making it remotely exploitable by unauthenticated attackers. The scope is unchanged (S:U), and the impact affects availability only (A:H), with no confidentiality or integrity impact. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to systems running this specific Windows 10 version, especially in environments where WS-Discovery is actively used for service discovery and network management. The lack of patches at the time of publication suggests that organizations must monitor for updates and consider interim mitigations.

The primary impact of CVE-2024-38091 is on system availability, as exploitation causes the WS-Discovery service to crash or become unresponsive, potentially disrupting network service discovery and related functionalities. For European organizations, this can affect enterprise environments, especially those relying on Windows 10 Version 1809 in critical infrastructure, manufacturing, healthcare, or government sectors where service discovery protocols are integral to operations. Disruption of WS-Discovery can lead to degraded network management, delayed service provisioning, and potential cascading failures in dependent systems. Since the vulnerability is remotely exploitable without authentication, attackers could launch denial of service attacks from within or outside the network, increasing the risk of operational downtime. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. Organizations with legacy systems still running Windows 10 1809 are particularly vulnerable, as newer Windows versions are not affected.

To mitigate CVE-2024-38091, organizations should prioritize upgrading affected systems from Windows 10 Version 1809 to a supported and patched Windows version where this vulnerability is resolved. In the absence of an official patch, network administrators should restrict inbound and outbound network traffic to WS-Discovery ports (typically UDP 3702) using firewalls or network segmentation to limit exposure to untrusted networks. Disabling the WS-Discovery service on systems where it is not required can reduce the attack surface. Monitoring network traffic for anomalous WS-Discovery messages and implementing intrusion detection/prevention systems with signatures for malformed WS-Discovery packets can provide early warning. Regularly reviewing and applying Microsoft security advisories and updates is essential once patches become available. Additionally, organizations should maintain an inventory of systems running Windows 10 1809 to ensure focused remediation efforts.