A critical Windows File Explorer flaw, CVE-2024-38100, has been exploited, allowing attackers to gain admin-level access through an Elevation of Privilege (EoP) vulnerability.
CVE-2024-38100
The flaw in the ShellWindows DCOM object (CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39}) in Windows File Explorer allows attackers to exploit improper access controls when File Explorer runs at a High Integrity Level.
Attackers could use COM Cross-Session Activation to create a ShellWindows object in an elevated session, like an administrator's, according to the analysis. They could then use methods like ShellExecute to escalate privileges, run commands, or launch reverse shells.
The flaw, assigned a CVSS v3.1 score of 7.8 (high severity), could allow:
- Unauthorized access to sensitive files and resources.
- Installation of malicious software.
- System modifications or full compromise.
Exploitation requires only local access, with low attack complexity. A proof-of-concept exploit disclosed in July 2024 further raises the risk of active attacks.
Affected Windows Server versions include:
- Windows Server 2016: Below 10.0.14393.7159
- Windows Server 2019: Below 10.0.17763.6054
- Windows Server 2022: Below 10.0.20348.2582
- Windows Server 2022 (23H2): Below 10.0.25398.1009
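As an added example (not part of the original advisory), the following PowerShell check compares a host's installed build against the patched build numbers listed above and reports whether it still falls below the CVE-2024-38100 threshold. The function name and output fields are assumptions; the thresholds are the advisory's values.

```powershell
# Added example: flag hosts whose OS build is still below the patched builds
# for CVE-2024-38100. Threshold values are taken from the advisory above.
$PatchedBuilds = @{
    14393 = [version]'10.0.14393.7159'   # Windows Server 2016
    17763 = [version]'10.0.17763.6054'   # Windows Server 2019
    20348 = [version]'10.0.20348.2582'   # Windows Server 2022
    25398 = [version]'10.0.25398.1009'   # Windows Server 2022 (23H2)
}

function Test-Cve202438100Exposure {
    # Hypothetical function name; reads the real CurrentVersion registry values.
    [CmdletBinding()]
    param()
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # CurrentBuildNumber is the base build; UBR is the cumulative-update revision,
    # which is the part that changes when the July 2024 update is installed.
    $current = [version]('{0}.{1}.{2}.{3}' -f $cv.CurrentMajorVersionNumber,
        $cv.CurrentMinorVersionNumber, $cv.CurrentBuildNumber, $cv.UBR)
    $build = [int]$cv.CurrentBuildNumber
    if (-not $PatchedBuilds.ContainsKey($build)) {
        # Client SKUs or builds not listed in the advisory: report, do not guess.
        return [pscustomobject]@{ Build = $current; Required = $null; Status = 'NotInAdvisoryList' }
    }
    $required = $PatchedBuilds[$build]
    $status = if ($current -lt $required) { 'Vulnerable' } else { 'Patched' }
    [pscustomobject]@{ Build = $current; Required = $required; Status = $status }
}

Test-Cve202438100Exposure | Format-List
```

`Get-HotFix -Id KB5040434` confirms the specific July 2024 update named below is present, while the build comparison also accounts for any later cumulative update that supersedes it.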
Mitigation and Patch Availability
Microsoft resolved this vulnerability in the July 2024 Patch Tuesday update (KB5040434), removing unnecessary permissions for Authenticated Users when File Explorer runs at a High Integrity Level.
Recommended Actions:
- Apply Security Updates: Update all affected systems to the latest patched versions.
- Implement Least Privilege: Limit user permissions to the minimum necessary.
- Monitor Activity: Audit logs regularly for unusual behavior indicating exploitation attempts.
- Educate Users: Raise awareness about risks of running untrusted software or handling suspicious files.
The exploitation of CVE-2024-38100 highlights the need for proactive security practices and timely patching. Organizations should prioritize updates and enhance their defenses to mitigate related risks.