Elevation of Privilege Vulnerability in Microsoft Windows Cloud Files Mini Filter Driver
CVE-2024-30085
Key Information:
- Vendor: Microsoft
- Status
- Windows 11 Version 21H2
- Windows Server 2022
- Windows 10 Version 1809
- Windows Server 2019 (Server Core installation)
- Vendor
- CVE Published: 11 June 2024
What is CVE-2024-30085?
CVE-2024-30085 is an elevation of privilege vulnerability associated with the Windows Cloud Files Mini Filter Driver developed by Microsoft. This driver is integral to the management of cloud file storage and synchronization on Windows systems. Exploitation of this vulnerability could allow a malicious actor to gain elevated permissions on an affected system, compromising the integrity and confidentiality of organizational data. Such an incident could lead to unauthorized access to sensitive information or even complete control over the system, thereby posing a significant risk to the security posture of an organization.
Technical Details
CVE-2024-30085 arises from improper handling within the Windows Cloud Files Mini Filter Driver. The flaw lets a user escalate privileges and execute commands or actions that should be restricted. The specific exploitation mechanism is not disclosed; vulnerabilities of this nature typically require local access or the execution of specially crafted inputs to trigger the elevation of privilege.
Potential Impact of CVE-2024-30085
- Unauthorized Data Access: Attackers exploiting this vulnerability could gain access to sensitive files and data stored on the affected systems, leading to potential data leaks or breaches.
- System Compromise: With elevated privileges, malicious users could alter system configurations, install malware, or disable security features, thereby undermining the organization's security measures.
- Increased Attack Surface: The exploitation of this vulnerability may lead to further attacks within the network, as an elevated privilege could enable lateral movement across the organization’s infrastructure, escalating the scope of a cyberattack.
Affected Version(s)
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5936
Windows 10 Version 1809 ARM64-based Systems 10.0.0 < 10.0.17763.5936
Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.4529
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
Windows 11 Vulnerability Lets Attackers Execute Code to Gain Access
Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM level.
Timeline
- 🟡 Public PoC available
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 📰 First article discovered by GBHackers News
- Vulnerability published
- Vulnerability reserved