Windows Kernel Bug Now Exploited in Attacks to Gain System Privileges
Summary
A high-severity Windows kernel vulnerability, identified as CVE-2024-35250, is currently being exploited in the wild. This flaw, stemming from an untrusted pointer dereference in the Microsoft Kernel Streaming Service (MSKSSRV.SYS), allows local attackers to escalate privileges to SYSTEM level without user interaction. The flaw was initially discovered by the DEVCORE Research Team and demonstrated at the Pwn2Own Vancouver 2024 hacking contest, and Microsoft addressed the issue in June 2024. However, recent reports indicate that threat actors are actively leveraging this vulnerability in attacks.
Analyst Comments
Threat actors could exploit CVE-2024-35250 by deploying malware or malicious scripts that take advantage of the vulnerability to gain SYSTEM-level privileges on a target machine. This would enable them to bypass existing security mechanisms, install additional payloads, move laterally within the network, and potentially gain control over critical systems.
By leveraging this vulnerability, attackers can maintain persistence, disable security tools, and execute arbitrary code with the highest level of privilege. The availability of proof-of-concept exploit code and the relatively low complexity of the attack make it particularly appealing to both sophisticated and less advanced adversaries. Organizations that delay applying the available patch leave themselves exposed to significant risk.
Suggested Corrections:
To protect against exploitation of CVE-2024-35250, organizations should immediately apply the security patches released in June 2024 and verify that the updates have been successfully deployed across all systems.
Link(s):
https://www.bleepingcomputer.com/news/security/windows-kernel-bug-now-exploited-in-attacks-to-gain-system-privileges/