CVERadar

CVE-2024-38199

Medium Severity

Microsoft

SVRS

30/100

CVSSv3

9.8/10

EPSS

0.07428/1

CVE-2024-38199 is a critical Remote Code Execution vulnerability in the Windows Line Printer Daemon (LPD) service. This vulnerability allows attackers to execute arbitrary code on affected systems. The Windows LPD service has a use-after-free vulnerability, classified as CWE-416, which can be exploited by sending specially crafted requests to the server. Although the CVSS score is 9.8, indicating high severity, SOCRadar's Vulnerability Risk Score (SVRS) is currently 30, suggesting that, based on Threat Actor activity and data from the dark web, the risk is not as immediate compared to vulnerabilities with SVRS scores above 80. However, due to the "In The Wild" tag, organizations should prioritize patching vulnerable systems to prevent potential exploitation. Successful exploitation could lead to complete system compromise.

TAGS

In The Wild

Vendor-advisory

VECTOR STRING

CVSS:3.1

AV:N

AC:L

PR:N

UI:N

S:U

C:H

I:H

A:H

E:U

RL:O

RC:C

PUBLICATION DATE2025-04-15

LAST MODIFIED2024-08-13

SOCRadar

AI Insight

Description

CVE-2024-38199 is a critical vulnerability in the Windows Line Printer Daemon (LPD) Service that allows remote code execution. This vulnerability is due to a buffer overflow in the LPD service that can be triggered by sending a specially crafted RPC request.

Key Insights

The CVSS score of 9.8 indicates that this vulnerability is critical and should be addressed immediately.
The SVRS score of 0 indicates that this vulnerability is not currently being exploited in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about this vulnerability, calling for immediate and necessary measures.

Mitigation Strategies

Apply the latest security updates from Microsoft.
Disable the LPD service if it is not needed.
Use a firewall to block access to the LPD service from untrusted networks.
Monitor your systems for any suspicious activity.

Additional Information

If you have any additional questions about this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

The August 2024 Security Update Review

Dustin Childs2024-11-01

The August 2024 Security Update Review | I have successfully survived Summer Hacker Camp, and I hope you have too. And we return just in time for Patch Tuesday and a new crop of 0-days as Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches

zerodayinitiative.com

rss

forum

news

Microsoft patches six actively exploited vulnerabilities - CSO Online

2024-08-13

Microsoft patches six actively exploited vulnerabilities - CSO Online | News Content: Microsoft’s August Patch Tuesday covered 10 zero-day flaws, of which six are being exploited in the wild and four are publicly disclosed. Credit: Clint Patterson / Unsplash Microsoft fixed 88 vulnerabilities on Tuesday as part of its monthly patching cycle. Six of those flaws were already being actively exploited in the wild before a patch was available and another four were publicly disclosed, putting the total number of zero-day vulnerabilities covered in this release at 10. Of the 88 vulnerabilities patched only seven are rated critical, 79 are

google.com

rss

forum

news

Social Media

transilienceai

@transilienceai

2024-11-20

Actively exploited CVE : CVE-2024-38199

Affected Software

Configuration 1

Type	Vendor	Product
OS	Microsoft	windows_10_1809
OS	Microsoft	windows_10_1607
OS	Microsoft	windows_10_1507
OS	Microsoft	windows_11_22h2
OS	Microsoft	windows_server_2022
OS	Microsoft	windows_11_21h2
OS	Microsoft	windows_10_22h2
OS	Microsoft	windows_10_21h2
OS	Microsoft	windows_server_2019
OS	Microsoft	windows_server_2016
OS	Microsoft	windows_server_2012
OS	Microsoft	windows_11_23h2
OS	Microsoft	windows_server_2022_23h2
OS	Microsoft	windows_server_2008

References

Reference	Link
[email protected]	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38199
WINDOWS LINE PRINTER DAEMON (LPD) SERVICE REMOTE CODE EXECUTION VULNERABILITY	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38199
WINDOWS LINE PRINTER DAEMON (LPD) SERVICE REMOTE CODE EXECUTION VULNERABILITY	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38199

CWE Details

CWE ID	CWE Name	Description
CWE-416	Use After Free	Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence