Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21345

8.8HIGH

Key Information:

Vendor

Microsoft
Status
Windows Server 2022, 23h2 Edition (server Core Installation)
Vendor
CVE Published:
13 February 2024

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit Exists🟣 EPSS 20%πŸ“° News Worthy

What is CVE-2024-21345?

A vulnerability exists in the Windows Kernel that allows attackers to elevate their privileges on affected systems. By exploiting this bug, an unauthorized user can execute arbitrary code with elevated permissions, potentially taking control of the system. This flaw underscores the importance of applying security updates promptly to mitigate such risks and protect sensitive data from malicious actors. Further information regarding this vulnerability can be found in the Microsoft advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Windows Server 2022, 23H2 Edition (Server Core installation) x64-based Systems 10.0.25398.0 < 10.0.25398.709

News Articles

favicon imageCyber Security Informer

Top Cyber Security Informer Penetration Testing Security Awareness Content for April, 2024

Best content around Penetration Testing Security Awareness selected by the Cyber Security Informer community.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by Cyber Security Informer

  • Vulnerability published

  • Vulnerability Reserved

JSON
.