Main Vulnerability Database SB20240312338

SB20240312338 - Code execution in Microsoft Windows USB Hub Driver

Published: March 12, 2024

Security Bulletin ID SB20240312338

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2024-21429)

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the Windows USB Hub Driver. An attacker with physical access can pass specially crafted input to the application and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429