Microsoft Windows Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
Multiple vulnerabilities were identified in Microsoft Windows. An attacker could exploit some of these vulnerabilities to trigger elevation of privilege, sensitive information disclosure and data manipulation on the targeted system.
Note:
No patch or mitigation is currently available for CVE-2024-21302 and CVE-2024-38202 of the affected products.
For CVE-2024-21302, an attacker with administrator privileges on the target system may replace current Windows system files with outdated versions.
For CVE-2024-38202, an attacker may trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers elevation of privilege.
Impact
- Elevation of Privilege
- Information Disclosure
- Data Manipulation
System / Technologies affected
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 for 32-bit Systems
- Windows 11 Version 24H2 for x64-based Systems
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows Server 2022, 23H2 Edition (Server Core installation)
- Windows 11 Version 23H2 for x64-based Systems
- Windows 11 Version 23H2 for ARM64-based Systems
- Windows 10 Version 22H2 for 32-bit Systems
- Windows 10 Version 22H2 for ARM64-based Systems
- Windows 10 Version 22H2 for x64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 10 Version 21H2 for x64-based Systems
- Windows 10 Version 21H2 for ARM64-based Systems
- Windows 10 Version 21H2 for 32-bit Systems
- Windows 11 version 21H2 for ARM64-based Systems
- Windows 11 version 21H2 for x64-based Systems
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
Solutions
Before installation of the software, please visit the vendor website for more details.
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202
Workaround Steps:
- Audit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations.
  Reference: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn
- Implement an Access Control List or Discretionary Access Control Lists to restrict access to or modification of Backup files, and the ability to perform Restore operations, to appropriate users, for example administrators only.
  References: Access Control overview | Microsoft Learn; Discretionary Access Control Lists (DACL)
- Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability.
  Reference: Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn
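The first and third workaround steps, as an added PowerShell example that is not part of the advisory or Microsoft's own guidance: it lists which principals currently hold the Backup and Restore user rights on the local host, checks that the "Sensitive Privilege Use" audit subcategory is enabled, and pulls recent events that reference those two privileges. It assumes an elevated session; `$exportPath` is an assumed scratch file location.

```powershell
# Added example, not from the advisory: enumerate holders of SeBackupPrivilege /
# SeRestorePrivilege, confirm Sensitive Privilege Use auditing, and review
# recent 4673/4674 events mentioning those rights. Run elevated.
$exportPath = Join-Path $env:TEMP 'user-rights-export.inf'   # assumed scratch path

# secedit exports the effective local policy as an INI file; the [Privilege Rights]
# section maps each user right to a comma-separated list of SIDs ('*' prefix) or names.
secedit /export /cfg $exportPath /areas USER_RIGHTS | Out-Null
$policyLines = Get-Content -Path $exportPath

function Resolve-PrincipalName {
    param([string]$Entry)
    if ($Entry -notlike '*S-1-*') { return $Entry }          # already an account name
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier ($Entry.TrimStart('*'))
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { return $Entry }                                 # orphaned / unresolvable SID
}

foreach ($right in 'SeBackupPrivilege', 'SeRestorePrivilege') {
    $line = $policyLines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
    if (-not $line) { Write-Output "${right}: no holders assigned"; continue }
    $holders = ($line -split '=', 2)[1].Trim() -split ',' |
        ForEach-Object { Resolve-PrincipalName $_.Trim() }
    # Anything beyond the expected administrators group here warrants review.
    Write-Output "${right}: $($holders -join ', ')"
}
Remove-Item -Path $exportPath -ErrorAction SilentlyContinue

# Success/failure auditing for this subcategory is what produces events 4673 and 4674.
auditpol /get /subcategory:"Sensitive Privilege Use"

# Privileged-service calls / privileged-object operations naming either right (last 24h).
$filter = @{ LogName = 'Security'; Id = 4673, 4674; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'SeBackupPrivilege|SeRestorePrivilege' } |
    # Properties[1] is SubjectUserName for both event IDs.
    Select-Object TimeCreated, Id, @{ n = 'Account'; e = { $_.Properties[1].Value } } |
    Format-Table -AutoSize
```

If the auditpol output shows the subcategory as "No Auditing", enable it with `auditpol /set /subcategory:"Sensitive Privilege Use" /success:enable /failure:enable` (or via Group Policy) before relying on the event query.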