CVE-2024-38051 hasn’t been fixed on Windows devices, as CrowdStrike Spotlight still picks it up

Multiple Windows users reported the issue.

2 min. read

Published onJuly 23, 2024

published onJuly 23, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

The July Patch Tuesday updates were released two weeks ago, and they fixed more than 140 vulnerabilities, many of them critical and important.

The patch fixed many vulnerabilities, including CVE-2024-38051, which allows remote code execution. Fixing it was a priority for the Redmond-based tech giant, as it could lead to serious hacking issues and the risk of losing sensitive information.

However, even though two weeks have passed since the vulnerability was fixed,some Windows users have reportedthat external anti-malware software, such as CrowdStrike, is still picking it up.

Good day all,

Not sure if the community is aware, but even though we are patched with this KB. It is being flagged as vulnerable per below. Is there a fix or any insight as to why it’s still being flagged? Thank you.

This is being picked up by Crowdstrike Spotlight.

C:\Windows\System32\gdi32full.dll

Version

10.0.22621.3672

Expected Value

10.0.22621.3880

CrowdStrike is famously experiencing a security crisisright now, but apparently, it’s not the company’s fault that CVE-2024-38051 is still being picked up on Windows devices.

One of the users says Microsoft might be at fault since it’s happening on multiple devices.

This is confirmed to be true with us. It appears Microsoft failed to properly update the DLL file, as it has not been modified since last patch Tuesday on my device. Microsoft must provide us with a hotfix patch to remediate this ASAP.

What to do? For now, if you’re dealing with it, you can report it to Microsoft and CrowdStrike.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

CVE-2024-38051 hasn’t been fixed on Windows devices, as CrowdStrike Spotlight still picks it up#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

CVE-2024-38051 hasn’t been fixed on Windows devices, as CrowdStrike Spotlight still picks it up