Microsoft Audio Bus Flaw Allows Remote Code Execution for Attackers

Cisco Talos’ Vulnerability Research team has identified two critical vulnerabilities in Microsoft products, both of which Microsoft has addressed in recent Patch Tuesday releases. These vulnerabilities underscore the necessity of prompt security updates and the dangers of running unpatched systems.

Denial-of-Service Vulnerability Discovered in Microsoft High-Definition Audio Bus Driver

Identified by Marcin “Icewall” Noga, CVE-2024-45383 is a vulnerability within the Microsoft HD Audio Bus Driver that could enable an attacker to trigger a denial of service.

This driver is essential for the Windows operating system’s communication with external audio devices, including those built into motherboards or connected via HD audio interfaces.

The vulnerability stems from improper handling of IRP (I/O Request Packet) requests within the driver’s interface.

An attacker could exploit this flaw by sending numerous IRP Complete requests to the driver, resulting in a denial of service and potentially causing the operating system to display a “Blue Screen of Death.”

Stale Memory Dereference Vulnerability Found in Microsoft Pragmatic General Multicast Server

A researcher from Cisco Talos uncovered a memory corruption vulnerability in the Pragmatic General Multicast server within the Microsoft Windows 10 Kernel, identified as CVE-2024-38140. The vulnerability can be triggered by a specially crafted network packet that causes stale memory structures to be accessed, leading to memory corruption. Attackers could exploit this flaw by sending a series of malicious packets.

While Talos independently discovered and reported this issue to Microsoft, the company had already recognized the problem internally before releasing a patch earlier this year. These vulnerabilities highlight the critical need for regular security updates and the risks posed by unpatched systems. Users are strongly encouraged to keep their systems updated with the latest patches to mitigate the potential for exploitation. The prompt disclosure and resolution of these vulnerabilities reflect the cooperative efforts between security researchers and vendors in safeguarding users against possible threats.


