Critical Windows kernel vulnerability easily escalates system privileges

A highly critical Windows kernel vulnerability discovered earlier this year allows attackers to obtain system privileges quickly and without any end-user interaction. CISA has since issued a warning, as the vulnerability is being actively exploited.

The critical Windows vulnerability CVE-2024-35250 has been known since June this year. It exposes Windows systems at the kernel level to an escalation of privileges. This untrusted pointer dereference vulnerability allows a local attacker to gain system privileges through a relatively simple attack that requires no end-user interaction.

Security researchers from the DEVCORE Research Team discovered the vulnerability. According to them, the flaw lies in the Microsoft Kernel Streaming Service driver (MSKSSRV.SYS), a component of the Windows kernel. The researchers used it to successfully compromise a Windows 11 23H2 system.

Microsoft has since released a patch for this vulnerability, and a proof-of-concept has been shared via GitHub. Nevertheless, the vulnerability remains relevant and is likely to be actively exploited. The U.S. cybersecurity agency CISA has therefore issued an official warning, urging US government agencies to update their Windows systems as soon as possible.

Adobe ColdFusion vulnerability

In addition to the Windows kernel warning, CISA also warns about a critical vulnerability in Adobe ColdFusion, registered as CVE-2024-20767. This vulnerability results from improper access control, allowing unauthenticated attackers to access systems and read files remotely.

By compromising ColdFusion servers whose admin environments are publicly accessible, attackers can bypass security measures and perform arbitrary file system writes. Meanwhile, search engines such as Fofa index more than 145,000 internet-exposed ColdFusion servers worldwide. Adobe already fixed the vulnerability in March of this year.

CISA added both vulnerabilities to its Known Exploited Vulnerabilities catalogue and marked them as actively exploited. By law, U.S. government organizations are required to remediate these threats within three weeks. Other organizations are also strongly advised to patch as soon as possible.