Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-35250
Key Information:
- Vendor: Microsoft
- Status: Vendor
- CVE Published: 11 June 2024
What is CVE-2024-35250?
CVE-2024-35250 is a severe vulnerability related to the Windows kernel-mode driver that enables elevation of privilege. This issue affects Microsoft’s operating systems, where an adversary can exploit the vulnerability to execute arbitrary code in kernel mode, potentially allowing them to gain higher access privileges than intended. If successfully leveraged, this could lead to unauthorized actions within the system, posing significant threats to organizational security and data integrity.
Technical Details
This vulnerability arises from improper validation within the Windows kernel-mode driver, allowing attackers to manipulate processes at a low level within the operating system. This can facilitate the execution of malicious commands, potentially altering system configurations or installing persistent backdoors for further exploitation. The flaw can be triggered through local means, making it particularly alarming as a low-hanging opportunity for attackers with initial access to the system.
Potential Impact of CVE-2024-35250
- Unauthorized System Control: Successful exploitation may enable attackers to gain elevated privileges, allowing them to execute arbitrary code within the operating system, potentially compromising sensitive systems and applications.
- Data Breaches: By escalating privileges, attackers could access restricted data, leading to unauthorized data extraction or manipulation, thus posing a serious threat to confidentiality.
- Malware Deployment: The vulnerability could be leveraged to install and execute various types of malware, such as ransomware, which could further compromise the affected environment and pose risks to business continuity.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20680
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7070
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5936
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CISA Issues Alert on Critical Windows Kernel Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Windows kernel vulnerability to its Known Exploited Vulnerabilities (KEV)
2 months ago
New Microsoft Windows Security Deadline—Why You Must Update Before Jan. 6
America’s Cyber Defense Agency, CISA, has warned a Microsoft Windows kernel vulnerability is now being exploited in the wild —here’s what you need to know and do.
2 months ago
Critical Windows kernel vulnerability easily escalates system privileges
Windows vulnerability exposed: hackers take advantage of CVE-2024-35250 to gain system privileges.
2 months ago
Timeline
- 🦅 CISA Reported
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by CybersecurityNews
- Vulnerability published
- Vulnerability Reserved