PT-2024-4627 · Microsoft · Windows Hyper-V+1
Published: 2024-07-09 · Updated: 2025-08-07
CVE-2024-38080
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Windows Hyper-V (affected versions not specified)
Description:
An integer overflow in Windows Hyper-V results in an elevation-of-privilege vulnerability. An attacker can exploit it to gain SYSTEM privileges. A proof-of-concept exploit has been released, and the vulnerability has reportedly been exploited in the wild.
Recommendations:
- Temporarily disable Windows Hyper-V if it is not necessary for business operations.
- Disable the Remote Desktop Licensing Service if it is not required, to mitigate the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
LPE
Integer Overflow
Affected Products
Windows
Windows Hyper-V