A Critical Vulnerability Discovered in Windows File Explorer

As IT environments grow more complex, new vulnerabilities keep putting our systems at risk. The Windows File Explorer vulnerability tracked as CVE-2024-38100 is a clear example. It has drawn attention from security professionals and prompted organizations to tighten their precautions.

CVE-2024-38100 is classified as an “Elevation of Privilege” vulnerability. A local, authenticated user on an affected system can run code in the security context of another user who is logged on to the same host; when that other user is an administrator, the attacker ends up with administrator-level access.

This vulnerability is rooted in a Distributed Component Object Model (DCOM) object exposed by Windows File Explorer. Specifically, the ShellWindows DCOM object (CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39}) is hosted by explorer.exe and therefore runs in the security context of the user whose session that Explorer instance belongs to.

However, because the activation permissions on this object were too permissive, a lower-privileged user could activate it inside another user's session and thereby drive a File Explorer instance running in a more privileged security context.

An attacker exploits the vulnerability in two steps:

  • Using the COM cross-session activation technique to create a ShellWindows object inside a higher-privileged session on the same host (e.g., an administrator's interactive or RDP session).
  • Obtaining the Shell.Application object from that ShellWindows instance and calling its ShellExecute method, which launches the attacker's command or malicious code as the user who owns that session.

This vulnerability allows attackers to:

  • Gain unauthorized access to sensitive data.
  • Install malicious software.
  • Modify system settings or take complete control of the system.

The severity of this vulnerability is rated 7.8 on the CVSS v3.1 scale (vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), a high level of risk. Exploiting it requires only a local, low-privileged account and no user interaction; the practical precondition is that a more privileged user has an active session on the same host, which makes multi-user systems such as Remote Desktop Session Hosts the main concern.

The CVE-2024-38100 vulnerability affects the following Windows Server versions (the same July 2024 update also covers the Windows client editions; consult Microsoft's advisory for those builds):

  • Windows Server 2016: Versions below 10.0.14393.7159.
  • Windows Server 2019: Versions below 10.0.17763.6054.
  • Windows Server 2022: Versions below 10.0.20348.2582.
  • Windows Server 2022 (23H2): Versions below 10.0.25398.1009.
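The following PowerShell script is an added example (not code from the original article): it reads the host's build and update build revision (UBR) from the registry and compares them against the fixed builds listed above. Builds that are not in the table are reported as not covered rather than guessed, and the table itself is copied from the list above.

```powershell
# Added example (not from the original article): check whether this host's build
# is at or above the first fixed build listed above for CVE-2024-38100.
# Builds not in the table (client SKUs, newer servers) are reported as "NotCovered"
# rather than guessed.
function Test-Cve202438100Build {
    # Major build number -> first UBR (update build revision) that contains the July 2024 fix
    $fixed = @{
        14393 = 7159   # Windows Server 2016
        17763 = 6054   # Windows Server 2019
        20348 = 2582   # Windows Server 2022
        25398 = 1009   # Windows Server 2022, version 23H2
    }

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber   # e.g. 20348
    $ubr   = [int]$cv.UBR                  # e.g. 2582

    if (-not $fixed.ContainsKey($build)) {
        return [pscustomobject]@{ Build = "10.0.$build.$ubr"; Status = 'NotCovered'; Required = $null }
    }

    $status = if ($ubr -ge $fixed[$build]) { 'Patched' } else { 'Vulnerable' }
    [pscustomobject]@{
        Build    = "10.0.$build.$ubr"
        Status   = $status
        Required = "10.0.$build.$($fixed[$build])"
    }
}

Test-Cve202438100Build
```

Run it in an elevated or standard PowerShell session on each server; a `Vulnerable` result means the July 2024 cumulative update (or a later one) has not been installed, and `NotCovered` means the host runs a build the table above does not describe, so the advisory must be checked for that SKU.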

Microsoft addressed this vulnerability in its July 2024 security updates (the article cites KB5040434; each Windows version ships its own cumulative update, so match the KB to the build numbers listed above). The fix tightens the permissions that authenticated users have on the object when File Explorer is running in a more privileged session, so a standard user can no longer use it to act in another user's context.
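Because the fix is about who may activate the ShellWindows object, the most useful check after patching is to read the DCOM launch and activation ACL that applies to it. The script below is an added example (not code from the original article or from Microsoft): it starts from the CLSID named above, reads the AppID from the CLSID's registration rather than assuming it, and decodes the `LaunchPermission` security descriptor (falling back to the machine-wide default under `HKLM\SOFTWARE\Microsoft\Ole` when the AppID has none). The access-mask names are the COM rights bits from the COM SDK headers.

```powershell
# Added example (not from the original article): dump the DCOM launch/activation ACL
# that applies to the ShellWindows object, so you can see which principals may
# launch or activate it and under which account it runs.
$clsid = '{9BA05972-F6A8-11CF-A442-00A0C90A8F39}'   # CLSID from the article

# COM access-mask bits (COM_RIGHTS_* from the COM SDK headers)
$comRights = @{
    1  = 'EXECUTE'
    2  = 'EXECUTE_LOCAL'
    4  = 'EXECUTE_REMOTE'
    8  = 'ACTIVATE_LOCAL'
    16 = 'ACTIVATE_REMOTE'
}

function Get-ShellWindowsLaunchAcl {
    param([string]$Clsid = $clsid)

    # The AppID is stored in the CLSID registration; do not assume it equals the CLSID
    $appId = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$Clsid" -ErrorAction Stop).AppID
    if (-not $appId) { throw "CLSID $Clsid has no AppID; it is not a DCOM-launchable class." }

    $appKey  = Get-ItemProperty "HKLM:\SOFTWARE\Classes\AppID\$appId" -ErrorAction Stop
    $sdBytes = $appKey.LaunchPermission
    $source  = "HKLM\SOFTWARE\Classes\AppID\$appId\LaunchPermission"
    if (-not $sdBytes) {
        # No per-AppID ACL: the machine-wide default launch permission applies
        $sdBytes = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole').DefaultLaunchPermission
        $source  = 'HKLM\SOFTWARE\Microsoft\Ole\DefaultLaunchPermission'
    }
    if (-not $sdBytes) { throw "No launch permission descriptor found for AppID $appId." }

    # REG_BINARY security descriptor -> parsed DACL
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$sdBytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $rights = ($comRights.Keys | Sort-Object |
                   Where-Object { $ace.AccessMask -band $_ } |
                   ForEach-Object { $comRights[$_] }) -join ','
        try   { $name = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.SecurityIdentifier.Value }   # unresolvable SID: show it raw
        [pscustomobject]@{
            Source    = $source
            RunAs     = $appKey.RunAs      # e.g. "Interactive User"; $null if not set
            Principal = $name
            AceType   = $ace.AceType       # AccessAllowed / AccessDenied
            Rights    = $rights
        }
    }
}

Get-ShellWindowsLaunchAcl | Format-Table -AutoSize
```

Compare the output on a patched and an unpatched host of the same version: the principals that carry `ACTIVATE_LOCAL` are the ones that can perform the cross-session activation described above, so any broad group there (such as Authenticated Users or INTERACTIVE) on an unpatched build deserves attention until the update is applied.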

To protect against this vulnerability, the following measures are recommended:

  1. Update Systems: Install the latest security updates released by Microsoft for all affected Windows versions.
  2. Restrict Privileges: Ensure users operate with only the minimum required permissions and avoid excessive use of administrator privileges.
  3. Monitor Host Activity: Watch for suspicious behaviour on multi-user hosts, such as unexpected DCOM activations of Explorer objects, processes spawned by explorer.exe in another user's session, or execution of unusual commands.
  4. Educate Users: Raise awareness about the risks of downloading suspicious software or opening files from untrusted sources.
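The privilege-restriction and monitoring advice above comes down to one question for this bug: is a standard user sharing a host with a logged-on administrator? The script below is an added example (not code from the original article) that lists console and RDP logon sessions via CIM and flags those belonging to direct members of the local Administrators group; group-nested membership is not resolved, which is an assumption of this example, not a property of the vulnerability.

```powershell
# Added example (not from the original article): list interactive (console) and
# RemoteInteractive (RDP) logon sessions on this host and flag those that belong to
# direct members of the local Administrators group. Cross-session activation needs a
# second session on the same host, so a host where a standard user and an
# administrator are both logged on is where CVE-2024-38100 matters.
function Get-InteractiveSessionRisk {
    # Direct members only: nested domain groups are not expanded here
    $adminSids = (Get-LocalGroupMember -Group 'Administrators').SID.Value

    # LogonType 2 = Interactive (console), 10 = RemoteInteractive (RDP)
    Get-CimInstance Win32_LogonSession |
        Where-Object { $_.LogonType -in 2, 10 } |
        ForEach-Object {
            $session = $_
            # Win32_LoggedOnUser associates each logon session with its account
            Get-CimAssociatedInstance -InputObject $session -ResultClassName Win32_Account |
                ForEach-Object {
                    [pscustomobject]@{
                        LogonId   = $session.LogonId
                        LogonType = if ($session.LogonType -eq 2) { 'Interactive' } else { 'RemoteInteractive' }
                        Account   = "$($_.Domain)\$($_.Name)"
                        IsAdmin   = $adminSids -contains $_.SID
                    }
                }
        } | Sort-Object Account -Unique
}

$sessions = Get-InteractiveSessionRisk
$sessions | Format-Table -AutoSize

$admins   = @($sessions | Where-Object { $_.IsAdmin })
$standard = @($sessions | Where-Object { -not $_.IsAdmin })
if ($admins.Count -gt 0 -and $standard.Count -gt 0) {
    Write-Warning 'An administrator and a standard user share this host: apply the July 2024 update before allowing both to log on.'
}
```

On a Remote Desktop Session Host this is worth running alongside the build check: an unpatched build with both kinds of session present is exactly the exposure the article describes, and administrators who routinely log on to shared hosts should use separate, dedicated machines until patching is complete.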

The CVE-2024-38100 vulnerability once again highlights the importance of timely security measures and regular system updates. Systems that fall behind on patching and run with more privilege than they need give new threats an easy way in. Every organization must keep improving its security policies.

Every step toward securing your environment matters. Start by updating your systems today and make security a top priority.