CVERadar

CVE-2024-26234

High Severity
Microsoft
SVRS: 50/100
CVSSv3: 6.7/10
EPSS: 0.01098/1

CVE-2024-26234 is a Proxy Driver Spoofing Vulnerability that allows attackers to potentially spoof a proxy driver. This security flaw could be exploited to bypass security measures or redirect traffic through malicious proxies. While the CVSS score is 6.7 (Medium), the SOCRadar Vulnerability Risk Score (SVRS) of 50 indicates a moderate level of risk, suggesting that immediate patching might not be critical, but monitoring is advisable. Successful exploitation could allow an attacker to intercept sensitive data or inject malicious content into network traffic. Organizations should review vendor advisories and assess their exposure based on their network configurations and proxy driver usage. The "In The Wild" tag suggests that this vulnerability has been observed being exploited, increasing the need for awareness and potential mitigation. Addressing this vulnerability is important to maintain the integrity and security of network communications.

Tags: In The Wild, Vendor-advisory
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
2025-05-03

2024-04-09
SOCRadar AI Insight

Description

CVE-2024-26234 is a Proxy Driver Spoofing Vulnerability that allows an attacker to spoof a proxy driver, potentially leading to privilege escalation and remote code execution. The SVRS for this CVE is 0, indicating a low level of urgency and severity.

Key Insights

  • This vulnerability affects systems running Windows 10 and Windows 11.
  • An attacker could exploit this vulnerability by sending a specially crafted message to a vulnerable system.
  • Successful exploitation could allow an attacker to gain control of the system and execute arbitrary code.

Mitigation Strategies

  • Apply the latest security updates from Microsoft.
  • Disable unnecessary proxy drivers.
  • Use a firewall to block unauthorized access to the system.
  • Implement strong password policies and use multi-factor authentication.

Additional Information

  • There are no known active exploits for this vulnerability.
  • CISA has not issued a warning for this vulnerability.
  • This vulnerability is not currently being exploited in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

ISC StormCast for Thursday, April 11th, 2024
Dr. Johannes B. Ullrich, 2024-04-11
ISC StormCast for Thursday, April 11th, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Rust Vulnerability; Adobe Updates; Fortinet Patches; Malicious Windows Driver. Rust Command API code execution vulnerability CVE-2024-24576 https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html Adobe Updates: Magento Adobe Commerce CVE-2024-20759 CVE-2024-20758 https://helpx.adobe.com/security/products/magento/apsb24-18.html https://helpx.adobe.com/security.html Fortinet FortiOS And FortiProxy Vulnerability CVE-2023
sans.edu
CVE-2024-26234 | Microsoft Windows up to Server 2022 23H2 Proxy Driver access control
vuldb.com, 2025-01-09
CVE-2024-26234 | Microsoft Windows up to Server 2022 23H2 Proxy Driver access control | A vulnerability, which was classified as critical, has been found in Microsoft Windows. This issue affects some unknown processing of the component Proxy Driver. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-26234. The attack needs to be approached locally. Furthermore, there is
vuldb.com
Smoke and (screen) mirrors: A strange signed backdoor - Sophos
2024-04-09
Smoke and (screen) mirrors: A strange signed backdoor - Sophos | News Content: In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious. Figure 1: Version info of the detected file. Note the typos ‘Copyrigth’ and ‘rigths’ The file’s metadata indicates that it is a “Catalog Authentication Client Service” by “Catalog Thales ” – possibly an attempt to impersonate the legitimate company Thales Group. However, after digging into both our internal data and reports on
google.com
Smoke and (screen) mirrors: A strange signed backdoor - Sophos
2024-04-09
Smoke and (screen) mirrors: A strange signed backdoor - Sophos | Description: In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious. | News Content: In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious. Figure 1: Version info of the detected file. Note the typos ‘Copyrigth
google.com
Breach Roundup: Sisense Supply Chain Attack - BankInfoSecurity.com
2024-04-11
Breach Roundup: Sisense Supply Chain Attack - BankInfoSecurity.com | News Content: Also: A Romanian Botnet and Alcohol Counselor Monument Settles With US FTC Over Ads Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, a U.S. warning for Sisense customers, a likely Romanian botnet, a really big Patch Tuesday, Apple warns iPhone owners in 92 countries about a potential spyware infection and AT&T notifies customers of data breach. Also, Online alcohol treatment firm Monument won't be able to share client data with advertisers, Home Depot employees affected by breach, Targus discloses breach and a threat
google.com
Microsoft Patch Tuesday Update Fixes Actively Exploited Flaws | Decipher - Duo Security
2024-04-10
Microsoft Patch Tuesday Update Fixes Actively Exploited Flaws | Decipher - Duo Security | News Content: By Lindsey O’Donnell-Welch Microsoft has patched over 147 flaws in its largest Patch Tuesday release since 2017, including two actively exploited vulnerabilities. One of the actively exploited bugs is an important-severity spoofing vulnerability in Windows Proxy Driver (CVE-2024-26234). While Microsoft on Tuesday originally said that the flaw was not being exploited in the wild, it later updated the advisory to confirm that the flaw had both been publicly disclosed and exploited. The flaw was discovered by Christopher Budd, director of threat research
google.com
Smoke and (screen) mirrors: A strange signed backdoor - news.sophos.com
2024-04-09
Smoke and (screen) mirrors: A strange signed backdoor - news.sophos.com | Description: In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious. | News Content: In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious. Figure 1: Version info of the detected file. Note the typos ‘Copyrigth
google.com

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type | Vendor | Product
OS | Microsoft | windows_10_1507
OS | Microsoft | windows_10_1809
OS | Microsoft | windows_10_1607
OS | Microsoft | windows_10_22h2
OS | Microsoft | windows_10_21h2
OS | Microsoft | windows_server_2019
OS | Microsoft | windows_11_21h2
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_11_22h2
OS | Microsoft | windows_11_23h2
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_server_2022_23h2
OS | Microsoft | windows_server_2012
OS | Microsoft | windows_server_2008

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234
AF854A3A-2127-422B-91AE-364DA2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234
PROXY DRIVER SPOOFING VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234

CWE Details

CWE ID | CWE Name | Description
CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
