I’M UNDER A CYBER ATTACK

Alert

Alert 2024-34 Public POC for CVE-2024-38080 in Hyper-V

Affected Product(s):

Windows Hyper-V

Description:

In July, the vulnerability CVE-2024-38080 (CVSS 7.8) was disclosed, which affects Windows Hyper-V, Microsoft’s hypervisor used for virtualized environments. This is a privilege escalation (EoP) vulnerability that has already been exploited in the wild and is listed in CISA’s Known Exploited Vulnerabilities Catalog.

The flaw lies in the VidExoBrokerIoctlReceive function of Hyper-V and stems from an integer overflow, allowing malicious actors to manipulate system memory. By exploiting this vulnerability, attackers can execute code with SYSTEM-level privileges, achieving full control of the compromised system.

Recently, a security researcher published a detailed analysis and proof-of-concept (PoC) code for this critical vulnerability, which has already been patched in Windows Hyper-V. However, the vulnerability poses a significant risk for organizations that rely on Microsoft’s virtualization.

The PoC for this vulnerability is publicly available on GitHub, increasing the risk for organizations using Hyper-V for critical workloads, as it provides a clear guide for attackers to replicate the exploit. As a result, it is likely to be actively exploited in the near future.

Download PDF

WE’RE HERE TO HELP

Are you under a cyber attack?

Report it here

get the latest alerts in your inbox

Subscribe to our newsletter

We are a a group of highly trained professionals based in R&D with advanced technical knowledge and experience in the detection, analysis, containment, and recovery of security incidents.

We are a CSIRT, we are Cybolt.

I’M UNDER A CYBER ATTACK

Explore

Services

Stay updated

© 2024. Beacon Lab CSIRT, Privacy Policy

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.