← back
CVE-2024-38107

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 1.6%● KEVCWE-416
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 1.6%KEV simPoC Nuclei Metasploit Patch referenciado
Lifecycle
13 Aug 2024Active exploitation (CISA KEV)
13 Aug 2024Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Windows Power Dependency Coordinator allows an attacker with local access to gain higher system privileges. This is dangerous because it lets them take full control of your computer.

Technical detail

This use-after-free vulnerability in Windows Power Dependency Coordinator enables privilege escalation from a local user context to SYSTEM privileges. The attack requires local code execution capability and exploits memory handling flaws in the power management subsystem.

Summary generated and translated by AI from the official description.
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →