The Download
A high-severity Windows kernel vulnerability (CVE-2024-35250) allows local attackers to gain SYSTEM privileges through an untrusted pointer dereference in the Microsoft Kernel Streaming Service (MSKSSRV.SYS). This low-complexity exploit requires no user interaction and was demonstrated by DEVCORE Research Team at Pwn2Own Vancouver 2024, successfully compromising a fully patched Windows 11 system. Attackers exploiting this vulnerability can potentially gain complete system-level access, enabling them to execute arbitrary code, install malware, modify system configurations, and create new user accounts with administrative privileges.
What You Can Do
IT administrators must prioritize patching systems immediately using Microsoft's June 2024 Patch Tuesday updates. As mandated by CISA's Binding Operational Directive, federal agencies must secure their networks within three weeks, with the deadline set for January 6. Private organizations are also strongly advised to apply patches promptly and conduct thorough vulnerability assessments. Additionally, implement robust endpoint protection, monitor for suspicious system-level activities, and maintain updated security configurations to mitigate potential exploitation risks.
Know your attack surface with ThreatMate. Sign up for a demo today!
To Learn More: