Lucene search

Kaspersky LabKLA71014

HistoryJul 23, 2024 - 12:00 a.m.

KLA71014 PE vulnerabilities in Microsoft Apps

2024-07-2300:00:00

Kaspersky Lab

threats.kaspersky.com

microsoft apps

elevation of privilege

vulnerabilities

malicious users

kb section

windows update

control panel

groupme.

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

Elevation of privilege vulnerabilities were found in Microsoft Apps. Malicious users can exploit this vulnerabilities to gain privileges.

Original advisories

CVE-2024-38176

CVE-2024-38164

CVE list

CVE-2024-38176 high

CVE-2024-38164 critical

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

GroupMe

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38164

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38176

statistics.securelist.com/

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

Related for KLA71014