CVE-2024-38104 | MSRC Compact Detail

Severity

Important

Impact

Remote Code Execution

CVSS

8.8 base · 7.7 temporal

Release

2024-07-09

Signals

Windows Fax and Scan Service Remote Code Execution Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely

CWE

CWE-822: Untrusted Pointer Dereference

Patch Diff

Loading module diff metadata...

Resolved binary override

Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.

Old version New version

Description

No description was published by MSRC.

FAQ / Articles

Mitigation

The following mitigating factor might be helpful in your situation: To be exploitable by this vulnerability the Windows Fax Service has to be installed and configured. If Windows Fax Service is enabled, consider disabling it until you have installed this update that addresses this vulnerability.

FAQ

How could an attacker exploit this vulnerability? An authenticated attacker with normal user privileges that has already compromised a fax server, to which the victim is connected, can exploit this vulnerability to execute arbitrary code on the victim machine.

MSRC Fields

Module / Tag

Windows Fax and Scan Service

Release number

2024-Jul

Latest revision

2024-07-09

CNA

Microsoft

Customer action

required

Denial of service

N/A

CVSS Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

References

MSRC

Official detail

CVE Record

CVE.org

Revision History

v1 · 2024-07-09

Information published.

CVE-2024-38104 · Windows Fax Service Remote Code Execution Vulnerability