PoC Exploit Released For Windows Kernel-Mode Drivers Privilege Escalation Flaw
- Source: Vulnerability (cybersecuritynews.com)
Author: Guru Baran
A critical vulnerability in Windows Kernel-Mode Drivers has been exposed with the release of a Proof-of-Concept (PoC) exploit, allowing attackers to escalate privileges to SYSTEM level.
The vulnerability, identified as CVE-2024-35250, affects various versions of Windows, including Windows 11 and Windows Server editions.
The flaw is described as a Windows Kernel-Mode Driver Elevation of Privilege Vulnerability, which an attacker can exploit to gain elevated privileges on a compromised system.
This vulnerability is particularly concerning as it allows attackers to bypass security measures and execute arbitrary code with SYSTEM privileges.
The vulnerability was first highlighted in a detailed blog post by DEVCORE, a cybersecurity research firm, which delved into the attack surface of Windows Kernel Streaming.
The researchers identified several vulnerabilities, including CVE-2024-35250, which was used in the Pwn2Own Vancouver 2024 event to successfully compromise Windows 11.
The PoC exploit on GitHub demonstrates how an attacker can exploit the vulnerability to achieve arbitrary code execution with SYSTEM privileges.
The exploit leverages a logical bug in the Kernel Streaming service, specifically in the handling of `IOCTL_KS_PROPERTY` requests.
The vulnerability is attributed to an oversight in the Kernel Streaming architecture, which allows an attacker to perform arbitrary `IOCTL_KS_PROPERTY` operations.
This can be achieved by using the `KSPROPERTY_TYPE_UNSERIALIZESET` flag, which allows an attacker to operate on multiple properties through a single call.
The release of the PoC exploit highlights the urgency of patching vulnerable systems. Microsoft has already issued a security update to address the vulnerability, and users are advised to update their systems as soon as possible to prevent exploitation.
In light of this development, cybersecurity experts are emphasizing the importance of keeping systems up to date and implementing robust security measures to prevent such attacks.
The vulnerability has been present in Windows systems for nearly 20 years, making it a critical issue that requires immediate attention.
Users are advised to update their systems to the latest version to prevent exploitation of this vulnerability. The PoC exploit serves as a reminder of the importance of staying vigilant and proactive in addressing security vulnerabilities.