CVE-2024-37982

Q: What is the severity of CVE-2024-37982?

CVE-2024-37982 has a CVSS score of 6.7 (MEDIUM). This vulnerability allows attackers to bypass security features in Windows Resume Extensible Firmware Interface (Resume EFI) during system resume operations. It affects Windows systems with Resume EFI enabled, potentially allowing unauthorized access or privilege escalation during the boot/resume process.

6.7 MEDIUM

📋 TL;DR

This vulnerability allows attackers to bypass security features in Windows Resume Extensible Firmware Interface (Resume EFI) during system resume operations. It affects Windows systems with Resume EFI enabled, potentially allowing unauthorized access or privilege escalation during the boot/resume process.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Resume EFI feature enabled. Most modern Windows systems with UEFI firmware are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via Secure Boot bypass, allowing persistent malware installation or unauthorized access to encrypted data during resume operations.

🟠

Likely Case

Local privilege escalation or security feature bypass during system resume, potentially enabling attackers to disable security controls or gain elevated privileges.

🟢

If Mitigated

Limited impact with proper Secure Boot configurations and physical security controls in place.

🌐 Internet-Facing: LOW - Requires local access or physical presence to exploit during system resume operations.

🏢 Internal Only: MEDIUM - Internal attackers with physical access or local system access could exploit during resume operations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of system resume operations. Exploitation likely requires physical access or local system compromise first.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2024 security updates (KB5040435 for Windows 11, KB5040431 for Windows 10, etc.)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37982

Restart Required: Yes

Instructions:

1. Open Windows Update Settings. 2. Check for updates. 3. Install July 2024 security updates. 4. Restart system when prompted.

🔧 Temporary Workarounds

Disable Resume EFI

windows

Disable the Resume Extensible Firmware Interface feature in UEFI/BIOS settings

Enable Secure Boot

windows

Ensure Secure Boot is properly configured and enabled in UEFI firmware

🧯 If You Can't Patch

Implement strict physical security controls to prevent unauthorized physical access to systems
Enable BitLocker with TPM protection and require pre-boot authentication

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for July 2024 security updates. If not installed, system is vulnerable.

Check Version:

wmic os get caption, version, buildnumber

Verify Fix Applied:

Verify July 2024 security updates are installed via Windows Update history or by checking system version.

📡 Detection & Monitoring

Log Indicators:

Unexpected system resume events
Secure Boot policy violations in Event Logs
UEFI firmware modification attempts

Network Indicators:

None - local exploit only

SIEM Query:

EventID=12 OR EventID=13 (System startup/shutdown) with suspicious timing or from unauthorized locations

📊 Metadata

CVE ID: CVE-2024-37982

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-822

Published: October 8, 2024

Last Updated: October 16, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37982 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft