CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-38041

High Severity
Microsoft
SVRS
46/100
CVSSv3
5.5/10
EPSS
0.12346/1

CVE-2024-38041, a Windows Kernel Information Disclosure Vulnerability, allows attackers to potentially access sensitive data. Although the CVSS score is 5.5 (Medium), indicating a moderate threat, the SOCRadar Vulnerability Risk Score (SVRS) is 46, reflecting a lower perceived urgency based on SOCRadar's threat intelligence. This vulnerability involves CWE-200, signifying improper information handling that could expose internal system details. Even with a moderate CVSS and SVRS score, the "In The Wild" tag means exploitation has been observed. Successful exploitation could lead to further attacks by giving adversaries valuable insights into the system's configuration. Mitigating CVE-2024-38041 is crucial for maintaining data security and preventing potential escalation of privileges. The vendor advisory should be consulted for appropriate patching procedures to minimize risk.

TAGS
In The Wild
Vendor-advisory
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:L
UI:N
S:U
C:H
I:N
A:N
E:U
RL:O
RC:C
PUBLICATION DATE2025-03-11
LAST MODIFIED2024-07-09

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

The July 2024 Security Update Review
Dustin Childs2024-07-09
The July 2024 Security Update Review | We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for July 2024For July, Adobe released three
cve-2024-37977
cve-2024-38051
cve-2024-38015
cve-2024-38054
Patch Tuesday - July 2024
Greg Wiseman2024-07-09
Patch Tuesday - July 2024 | Microsoft has published 139 vulnerabilities this July 2024 Patch Tuesday, two of which had already been seen exploited in the wild.Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the
rapid7.com
rss
forum
news
1.702
2024-07-10
1.702 | Newly Added (138)ICONICS GENESIS64 CVE-2024-1182 Path Traversal VulnerabilityPrivilege Escalation Vulnerabilities fixed in ICONICS GENESIS64 10.97.3Microsoft Dynamics 365 CVE-2024-30061 Information Disclosure VulnerabilityMicrosoft Windows Text Services
fortiguard.com
rss
forum
news
CVE-2024-38041 | Microsoft Windows up to Server 2022 23H2 Kernel information disclosure
vuldb.com2024-07-09
CVE-2024-38041 | Microsoft Windows up to Server 2022 23H2 Kernel information disclosure | A vulnerability classified as problematic has been found in Microsoft Windows. This affects an unknown part of the component Kernel. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-38041. Local access is required to approach this attack. There is no exploit available. It is recommended
cve-2024-38041
domains
urls
cves

Social Media

Exploiting Microsoft Kernel Applocker Driver (CVE-2024-38041) #MicrosoftKernelCVE #CyberSecurityServices #PatchDiffing #ExploitationProcess #RootCauseAnalysis https://t.co/oAPFdgAdz0
0
0
3
Microsoft’s latest patch didn’t just fix a bug—it opened Pandora’s box. CVE-2024-38041 is the key to bypassing KASLR, and you’re about to learn how attackers exploit it. Forget “secure coding”—this vulnerability proves that even giants like Microsoft leave cracks in their armor.
0
0
0
Exploiting Microsoft Kernel Applocker Driver (CVE-2024-38041) : https://t.co/JPD6uqTGjD https://t.co/2dPecMsvIj
0
1
4
@bopin2020 @TinySecEx It's actually CVE-2024-38041 that I reported. But they also fixed it without noticing me😂
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSMicrosoftwindows_10_1809
OSMicrosoftwindows_10_1607
OSMicrosoftwindows_10_22h2
OSMicrosoftwindows_10_21h2
OSMicrosoftwindows_11_21h2
OSMicrosoftwindows_server_2022
OSMicrosoftwindows_11_22h2
OSMicrosoftwindows_server_2019
OSMicrosoftwindows_11_23h2
OSMicrosoftwindows_server_2016
OSMicrosoftwindows_server_2022_23h2

References

ReferenceLink
[email protected]https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38041
WINDOWS KERNEL INFORMATION DISCLOSURE VULNERABILITYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38041

CWE Details

CWE IDCWE NameDescription
CWE-200Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence