CVE-2024-38100: Leaked Wallpaper Exploit Exposes Windows Users to Privilege Escalation Attacks
Microsoft disclosed a critical vulnerability in Windows File Explorer, identified as CVE-2024-38100, with a CVSS score of 7.8. Discovered by Andrea Pierini from Semperis, the flaw allows attackers to gain administrator privileges through a privilege escalation exploit named "Leaked Wallpaper" by researcher Michael Zhmaylo. The vulnerability enables the leakage of a user's NetNTLM hash from any session, even from low-privileged accounts. Zhmaylo published a proof-of-concept (PoC) exploit for CVE-2024-38100 on GitHub, including code and a video demonstration.

Microsoft has released a fix for this vulnerability in the July Patch Tuesday update under KB5040434 and advises users and administrators to apply this update immediately.

The incident underscores the importance of regular security updates, strong password practices, robust security solutions, and user education on social engineering risks to protect against cyberattacks.

CVEs: CVE-2024-38100

[View Article](https://securityonline.info/cve-2024-38100-leaked-wallpaper-exploit-exposes-windows-users-to-privilege-escalation-attacks/)