Skip to main content

CVE-2024-38184: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1809

High
VulnerabilityCVE-2024-38184cvecve-2024-38184cwe-125
Published: Tue Aug 13 2024 (08/13/2024, 17:29:51 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

AI-Powered Analysis

AILast updated: 07/04/2025, 04:13:28 UTC

Technical Analysis

CVE-2024-38184 is a high-severity vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). It is classified as a CWE-125: Out-of-bounds Read vulnerability occurring within a Windows kernel-mode driver. This vulnerability allows an attacker with limited privileges (low-level privileges) to perform an elevation of privilege attack by exploiting improper memory bounds checking in kernel-mode code. Specifically, the vulnerability arises when the kernel-mode driver reads memory outside the intended buffer boundaries, potentially leaking sensitive information or causing memory corruption. The CVSS v3.1 score of 7.8 reflects a high impact on confidentiality, integrity, and availability, with the attack vector being local (AV:L), requiring low attack complexity (AC:L), and low privileges (PR:L) but no user interaction (UI:N). The scope is unchanged (S:U), meaning the vulnerability affects resources within the same security scope. Successful exploitation can lead to full compromise of the affected system, allowing attackers to execute arbitrary code in kernel mode, bypass security controls, and gain elevated privileges. No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating the need for vigilance and proactive mitigation. The vulnerability was reserved in June 2024 and published in August 2024, indicating recent discovery and disclosure.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those still operating legacy or unpatched Windows 10 Version 1809 systems. Exploitation could allow attackers to escalate privileges from a low-privileged user account to SYSTEM-level access, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, disruption of critical services, and the deployment of persistent malware or ransomware. Given the kernel-level nature of the vulnerability, the impact on system integrity and availability is severe. Organizations in sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitive nature of their data and the criticality of their operations. The local attack vector means that attackers need some form of access to the system, which could be achieved through phishing, compromised credentials, or insider threats. The lack of user interaction requirement increases the risk of automated exploitation once local access is obtained. The absence of known exploits in the wild currently provides a window for organizations to remediate before active exploitation occurs.

Mitigation Recommendations

European organizations should prioritize the following mitigations: 1) Identify and inventory all systems running Windows 10 Version 1809 (build 17763.0) to understand exposure. 2) Apply the official Microsoft security update as soon as it becomes available; monitor Microsoft security advisories closely. 3) Until patches are available, implement strict access controls to limit local user access, including enforcing least privilege principles and restricting administrative rights. 4) Employ endpoint detection and response (EDR) solutions to monitor for suspicious kernel-level activity or privilege escalation attempts. 5) Harden systems by disabling unnecessary services and features that could provide local access vectors. 6) Conduct user awareness training to reduce risk of initial compromise vectors such as phishing. 7) Use application whitelisting and exploit mitigation technologies like Windows Defender Exploit Guard to reduce attack surface. 8) Regularly audit and monitor logs for unusual behavior indicative of exploitation attempts. These targeted actions go beyond generic advice by focusing on controlling local access, monitoring kernel-level threats, and prioritizing patch management for the specific affected version.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2024-06-11T22:36:08.216Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0f81484d88663aeb280

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 7/4/2025, 4:13:28 AM

Last updated: 8/12/2025, 5:44:58 AM

Views: 19

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats