What is the severity of CVE-2024-38081?

CVE-2024-38081 is classified as an Elevation of Privilege Vulnerability.

What systems are affected by CVE-2024-38081?

CVE-2024-38081 affects multiple versions of .NET Framework, Visual Studio 2022, and various .NET products on Windows.

How do I fix CVE-2024-38081?

To address CVE-2024-38081, apply the latest patches or updates from Microsoft for the affected products.

What are the potential impacts of CVE-2024-38081?

CVE-2024-38081 can potentially allow an attacker to gain elevated privileges on a vulnerable system.

Is there a way to determine if CVE-2024-38081 is exploited in my environment?

Monitoring logs for unusual authorization attempts or running vulnerability scans can help identify potential exploitation of CVE-2024-38081.

Vulnerability/
CVE-2024-38081

high

7.3

CWE

9/7/2024

11/3/2025

CVE-2024-38081: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

First published: Tue Jul 09 2024(Updated: )

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft .NET 8.0		fix available externally
Microsoft .NET 6.0		fix available externally
nuget/Microsoft.IO.Redist	>=4.6.0-preview.18571.3<=6.0.0	6.0.1
Microsoft .NET Framework 4	=3.0	fix available externally fix available externally
Microsoft .NET Framework 4	=4.6.2	fix available externally fix available externally
Microsoft .NET Framework 4	=3.5	fix available externally fix available externally
Microsoft .NET Framework 4	=2.0	fix available externally fix available externally
Microsoft .NET Framework 4	=4.8	fix available externally fix available externally
Microsoft .NET Framework 4	=3.5	fix available externally fix available externally
Microsoft .NET Framework 4	=4.6.2=4.7=4.7.1=4.7.2	fix available externally fix available externally
Microsoft .NET Framework 4	=3.5.1	fix available externally fix available externally
Microsoft .NET Framework 4	=4.6.2=4.7=4.7.1=4.7.2	fix available externally fix available externally
Microsoft .NET Framework 4	=4.8	fix available externally
Microsoft .NET Framework 4	=3.5	fix available externally
Microsoft .NET Framework 4	=4.6.2=4.7=4.7.1=4.7.2	fix available externally
Microsoft .NET Framework 4	=4.6=4.6.2	fix available externally
Microsoft .NET Framework 4	=4.8	fix available externally
Microsoft .NET Framework 4	=4.6.2=4.7=4.7.1=4.7.2	fix available externally
Microsoft .NET Framework 4	=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.7.2	fix available externally
Microsoft .NET Framework 4	=3.5	fix available externally
Microsoft .NET Framework 4	=3.5=4.7.2	fix available externally
Microsoft .NET Framework 4	=3.5=4.7.2	fix available externally
Microsoft .NET Framework 4	=3.5=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1
Microsoft .NET Framework 4	=3.5=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Visual Studio Community 2022	=17.6	fix available externally
Visual Studio Community 2022	=17.8	fix available externally
All of
Any of
Microsoft .NET Framework 4	=4.6.2
Microsoft .NET Framework 4	=4.7
Microsoft .NET Framework 4	=4.7.1
Microsoft .NET Framework 4	=4.7.2
Any of
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server
Microsoft Windows Server	=r2
All of
Any of
Microsoft .NET Framework 4	=3.5
Microsoft .NET Framework 4	=4.8
Any of
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 10
Windows 11
Microsoft Windows Server	=r2
Microsoft Windows Server
Microsoft Windows Server	=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
All of
Microsoft .NET Framework 4	=3.5.1
Microsoft Windows Server	=r2
All of
Microsoft .NET Framework 4	=3.5
Any of
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Server
Microsoft Windows Server	=r2
All of
Microsoft .NET Framework 4	=3.0-sp2
Any of
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
All of
Microsoft .NET Framework 4	=2.0-sp2
Any of
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
All of
Microsoft .NET Framework 4	=4.6.2
Any of
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
All of
Microsoft .NET Framework 4	=4.8.1
Any of
Microsoft Windows 10
Microsoft Windows 10
Windows 11
Windows 11
Windows 11
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft .NET Framework	>=6.0.0<6.0.32
Visual Studio Community 2022	>=17.4<17.4.21
Visual Studio Community 2022	>=17.6<17.6.17
Visual Studio Community 2022	>=17.8<17.8.12
All of
Any of
Microsoft .NET Framework 4	=3.5
Microsoft .NET Framework 4	=4.7.2
Any of
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-38081?
CVE-2024-38081 is classified as an Elevation of Privilege Vulnerability.
What systems are affected by CVE-2024-38081?
CVE-2024-38081 affects multiple versions of .NET Framework, Visual Studio 2022, and various .NET products on Windows.
How do I fix CVE-2024-38081?
To address CVE-2024-38081, apply the latest patches or updates from Microsoft for the affected products.
What are the potential impacts of CVE-2024-38081?
CVE-2024-38081 can potentially allow an attacker to gain elevated privileges on a vulnerable system.
Is there a way to determine if CVE-2024-38081 is exploited in my environment?
Monitoring logs for unusual authorization attempts or running vulnerability scans can help identify potential exploitation of CVE-2024-38081.

collector/msrc
source/Microsoft
agent/software-canonical-lookup
agent/type
agent/first-publish-date
collector/msrc-cve
agent/title
agent/weakness
agent/author
agent/severity
agent/references
agent/description
collector/github-advisory-latest
source/GitHub
alias/GHSA-hq7w-xv5x-g34j
alias/CVE-2024-38081
collector/github-advisory
agent/remedy
agent/event
agent/trending
agent/source
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
collector/nvd-cve
vendor/microsoft
canonical/microsoft .net 8.0
canonical/microsoft .net 6.0
package-manager/nuget
canonical/microsoft .net framework 4
version/microsoft .net framework 4/3.0
version/microsoft .net framework 4/4.6.2
version/microsoft .net framework 4/3.5
version/microsoft .net framework 4/2.0
version/microsoft .net framework 4/4.8
version/microsoft .net framework 4/4.7
version/microsoft .net framework 4/4.7.1
version/microsoft .net framework 4/4.7.2
version/microsoft .net framework 4/3.5.1
version/microsoft .net framework 4/4.6
version/microsoft .net framework 4/4.8.1
canonical/visual studio community 2022
version/visual studio community 2022/17.6
version/visual studio community 2022/17.4
version/visual studio community 2022/17.8
canonical/microsoft windows server
version/microsoft windows server/r2-sp1
version/microsoft windows server/r2
canonical/microsoft windows 10
canonical/windows 11
canonical/microsoft windows server 2016
canonical/microsoft windows server 2019
canonical/microsoft windows server 2022
version/microsoft windows server/sp2
version/microsoft .net framework 4/3.0-sp2
version/microsoft .net framework 4/2.0-sp2
canonical/microsoft .net framework
version/microsoft .net framework/6.0.0