PT-2024-5711 · Microsoft · Windows Common Log File System Driver

Luckyu · Published 2024-08-13 · Updated 2025-12-01 · CVE-2024-38196

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Windows Common Log File System Driver versions prior to 10.0.10240.20751
Windows 10 versions <10.0.14393.7259
Windows 10 versions <10.0.17763.6189
Windows 10 versions <10.0.19044.4780
Windows 10 versions <10.0.19045.4780

Description

This issue is an elevation-of-privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation allows attackers to gain elevated privileges on the system. Raspberry Robin malware has been observed using this vulnerability (CVE-2024-38196) for local privilege escalation. Recent updates to Raspberry Robin include enhanced obfuscation techniques, a shift to ChaCha-20 encryption for network communications, and the use of fake command-and-control server addresses to evade detection. The malware also uses randomized RC4 key seeds per campaign and embeds expiration dates in its binary code to hinder analysis and detection.

Recommendations

Update Windows Common Log File System Driver to a version equal to or greater than 10.0.10240.20751.
Update Windows 10 to a version equal to or greater than 10.0.14393.7259.
Update Windows 10 to a version equal to or greater than 10.0.17763.6189.
Update Windows 10 to a version equal to or greater than 10.0.19044.4780.
Update Windows 10 to a version equal to or greater than 10.0.19045.4780.
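
To check a host or an inventory export against the fixed versions listed above, the following PowerShell compares the update revision within each build branch. It is an added example, not part of the original advisory or any vendor tooling; the function name `Test-ClfsFixedBuild` and the sample version strings are assumptions made for illustration.

```powershell
# Added example: minimum fixed revision (UBR) per Windows 10 build branch,
# taken from the version list in this advisory.
$FixedRevision = @{
    10240 = 20751
    14393 = 7259
    17763 = 6189
    19044 = 4780
    19045 = 4780
}

function Test-ClfsFixedBuild {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Version)

    $parsed = $null
    if (-not [version]::TryParse($Version, [ref]$parsed) -or $parsed.Revision -lt 0) {
        return 'Invalid'      # not a four-part version string
    }
    if ($parsed.Major -ne 10 -or $parsed.Minor -ne 0 -or
        -not $FixedRevision.ContainsKey($parsed.Build)) {
        return 'NotListed'    # branch not covered by this advisory's list
    }
    if ($parsed.Revision -ge $FixedRevision[$parsed.Build]) { return 'Patched' }
    return 'Vulnerable'
}

# Local host: build number and update revision from the registry.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$local = '10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
'{0,-18} {1}' -f $local, (Test-ClfsFixedBuild $local)

# Constructed sample versions (not from the page), e.g. from an inventory export.
'10.0.19045.4651', '10.0.19045.4780', '10.0.17763.6189', '10.0.22631.4037', '19045' |
    ForEach-Object { '{0,-18} {1}' -f $_, (Test-ClfsFixedBuild $_) }
```

A result of `NotListed` only means the build branch does not appear in this advisory's version list; it says nothing about whether that branch is affected.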

Fix

LPE

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-06424
CVE-2024-38196

Affected Products

Windows
Windows Common Log File System Driver