IRONSMITHINTEL
CRITICALCVSS9.1
|CVE-2024-38160|Auth: none|Reboot: required|Manual only

KB5041773: Windows Server 2016 Security Update (August 2024)

A crafted network packet to the Windows Network Virtualization layer can give an attacker code execution on the Hyper-V host's networking stack.

Published Aug 13, 2024 · Updated May 21, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

An attacker who has any code execution inside a Hyper-V guest VM can deliver crafted network traffic to the Network Virtualization layer and overflow a heap buffer in the host's networking stack, executing code on the host. Same threat model as CVE-2024-38159 (a use-after-free in the same layer): one compromised guest reaches into the host networking stack and from there can pivot to other guests on the same hypervisor.

How the attack works

Companion to CVE-2024-38159 in the same Network Virtualization layer — a heap-based buffer overflow rather than a use-after-free. Crafted network traffic overflows the heap and lets the attacker execute code in the host's networking stack.

Am I affected?Quick check

Probably yes if any of these apply:

Hyper-V hosts using Network Virtualization

Affected OS versions

Windows Server 2016
Real-world incidentsWhat we've seen

Same scenario as CVE-2024-38159 — multi-tenant Hyper-V host, compromised tenant pivots through the virtualisation layer to the host networking stack. Both CVEs patched together; install both.

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB5041773

Manual remediation steps

Prerequisites

    1
    Local administrator on the target server
    1
    Maintenance window with reboot capacity
    1
    Current backup or snapshot you can roll back to
    1
    Network path to Windows Update / WSUS / Microsoft Update Catalog

Estimated time

20–40 minutes per server (download + install + reboot)

Reboot required

Yes — install the cumulative update and reboot the server before the fix is active.

Steps

1. Confirm the server is missing the patch

Get-HotFix -Id KB5041773 -ErrorAction SilentlyContinue

2. Install the update — pick one channel

Windows Update / WSUS (preferred):

UsoClient ScanInstallWait

Manual download (offline / air-gapped):

1
Open Microsoft Update Catalog: https://catalog.update.microsoft.com/Search.aspx?q=KB5041773
2
Download the MSU for Windows Server 2016 that matches your architecture (x64).
3
Copy the .msu file to the server and run as Administrator.

3. Reboot

Restart-Computer -Force

Verification

Get-HotFix -Id KB5041773
[System.Environment]::OSVersion.Version

Rollback

wusa.exe /uninstall /kb:5041773 /quiet /norestart

Notes

    1
    This entry covers Windows Server 2016 specifically (KB5041773). Other Windows Server versions have their own KB for CVE-2024-38160.
    1
    Reference advisories: MSRC https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38160 and NVD https://nvd.nist.gov/vuln/detail/CVE-2024-38160.
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2024-38160MSRC AdvisoryNVDKBKB5041773