Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2024-43625

8.1HIGH

Key Information:

Vendor
Microsoft
Status
Windows Server 2022
Windows 11 Version 22h2
Windows 11 Version 22h3
Windows 11 Version 23h2
Vendor
CVE Published:
12 November 2024

Badges

πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

Summary

The Microsoft Windows VMSwitch Elevation of Privilege Vulnerability allows potential attackers to gain elevated access to system resources due to flawed access controls. When exploited, this vulnerability could enable an attacker to execute unauthorized commands or access sensitive information by leveraging the weaknesses in the VMSwitch component. Prompt action to address this vulnerability is recommended to maintain system security and prevent possible exploitation.

Affected Version(s)

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.4460

Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22631.4460

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.4460

News Articles

favicon imageCrowdStrike.com

November 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft has released security updates for 158 vulnerabilities, including three zero-days and four critical, for its November 2024 Patch Tuesday rollout.

2 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by CrowdStrike.com

  • Vulnerability published

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)
.