CVE-2024-38148
Windows Secure Channel Denial of Service Vulnerability
In short
A flaw in Windows Secure Channel (SChannel) allows an attacker to cause a denial of service by sending specially crafted network packets. This can crash or hang Windows services that rely on secure communications, making them unavailable to legitimate users.
Technical detail
An out-of-bounds read vulnerability (CWE-125) in the Windows SChannel implementation is triggered by malformed TLS/SSL handshake packets. An unauthenticated remote attacker can send specially crafted packets to cause memory access violations, leading to a service crash or DoS. No user interaction is required.
Summary generated and translated by AI from the official description.
Windows Secure Channel Denial of Service Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 11 version 21H2
Microsoft · Windows 11 version 22H2
Microsoft · Windows 11 version 22H3
Microsoft · Windows 11 Version 23H2
Microsoft · Windows 11 Version 24H2
Microsoft · Windows Server 2022
Microsoft · Windows Server 2022, 23H2 Edition (Server Core installation)