Critical Windows Kernel Flaw Could Let Hackers Gain System Privileges

CISA has flagged a critical Windows kernel vulnerability that could grant attackers system privileges.

Published: Dec 18, 2024

Key Takeaways:

  • The flaw, discovered by the DEVCORE Research team, allows attackers to gain system privileges.
  • This security vulnerability was patched by Microsoft in the June 2024 Patch Tuesday updates.
  • The Adobe ColdFusion flaw allows attackers to access or modify restricted files on exposed systems.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Windows kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This security flaw (tracked as CVE-2024-35250) poses a serious threat by allowing attackers to gain elevated system privileges.

The DEVCORE Research team discovered the vulnerability and reported it to Microsoft through Trend Micro’s Zero Day Initiative. This is a Windows Kernel-Mode Driver Elevation of Privilege flaw with a CVSS score of 7.8. A Windows kernel-mode driver is a type of software that operates at the core level of the Windows operating system.

Cybercriminals could exploit this flaw to gain system privileges in low-complexity attacks without user interaction. The DEVCORE Research team exploited this vulnerability to compromise a fully patched Windows 11 device during this year’s Pwn2Own Vancouver hackathon.

Microsoft addressed the security flaw in the June 2024 Patch Tuesday updates. A proof-of-concept (PoC) was released on GitHub a few months later. The DEVCORE researchers also released a video demo showing their CVE-2024-35250 exploit compromising a Windows 11 version 23H2 device.

CISA adds critical Adobe ColdFusion vulnerability to the exploited list

CISA has also added an Adobe ColdFusion vulnerability (tracked as CVE-2024-20767), which was patched in March 2024. This critical vulnerability could allow remote unauthenticated hackers to read arbitrary files on the system. It affects Adobe ColdFusion versions 2023.6, 2021.12, and earlier.

“An attacker could leverage this vulnerability to access or modify restricted files,” CISA explained. “Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.”

Fortunately, CISA has not identified any ransomware attacks exploiting these vulnerabilities in the wild. However, these flaws still pose a significant risk to enterprise networks. To mitigate potential threats, CISA has instructed all federal agencies to apply the necessary fixes by January 6, 2026.
