Critical Windows Kernel Vulnerability Exploited for SYSTEM Privileges – What You Need to Know!

2024-12-16

Author: Yan

Introduction

A high-severity vulnerability in the Windows kernel, tracked as CVE-2024-35250, is under active exploitation, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to order U.S. federal agencies to patch it. The flaw lets an attacker who already has local code execution escalate to SYSTEM; the attack is of low complexity and requires no user interaction.

Vulnerability Details

The vulnerability is an untrusted pointer dereference (CWE-822) in the Microsoft Kernel Streaming Service driver (MSKSSRV.SYS). The DEVCORE Research Team discovered the bug and used it at the Pwn2Own Vancouver 2024 competition to escalate privileges on a fully patched Windows 11 system on the first day of the event.

Impact and Concerns

Microsoft fixed the vulnerability in its June 2024 Patch Tuesday release, but proof-of-concept exploit code was published on GitHub four months later, and CISA has now confirmed that the bug is being exploited in the wild. The concern is straightforward: because the flaw is local, it does not give an attacker initial access, but once malware or an intruder is running on an unpatched host, it turns a low-privileged foothold into SYSTEM and therefore full control of that machine.

Advisory and Response

At the time of writing, Microsoft's advisory has not been updated to mark the vulnerability as exploited in the wild, so organizations that prioritize patching from that field alone may still be treating it as a routine fix even though public exploit code and confirmed attacks exist. DEVCORE has also published a video demonstrating its proof-of-concept exploit.

Related Vulnerabilities

Alongside the kernel bug, CISA added a flaw in Adobe ColdFusion, tracked as CVE-2024-20767 and patched by Adobe in March 2024. It allows unauthenticated remote attackers to read arbitrary files from affected servers. With more than 145,000 ColdFusion servers exposed on the Internet, the attack surface is large. The risk is greatest when the ColdFusion administrator panel is itself reachable from the Internet, because the same flaw can then be used to bypass security measures and write arbitrary files to the server.

CISA's Recommendations

CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Under Binding Operational Directive 22-01, federal civilian agencies must remediate them within three weeks, by January 6, 2025. CISA notes that vulnerabilities of this kind are frequent attack vectors and pose significant risks to the federal enterprise.
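The KEV catalog is published as a machine-readable JSON feed, which makes the three-week deadline easy to track automatically. The following is an added example, not code from the article or from CISA: it parses a document in the shape of the KEV feed, keeps the entries that match a product inventory and computes how many days remain until each due date. The feed URL in the comment is the real one; the embedded feed sample is constructed from the details above (field names match the real feed, the descriptions are paraphrased), and the inventory is hypothetical.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names match the real feed; the two entries are built from the article
# above and are not a verbatim copy of CISA's records.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2024.12.16",
  "dateReleased": "2024-12-16T15:00:00.0000Z",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-35250",
      "vendorProject": "Microsoft",
      "product": "Windows",
      "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability",
      "dateAdded": "2024-12-16",
      "shortDescription": "Untrusted pointer dereference in MSKSSRV.SYS allowing local privilege escalation.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2025-01-06",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    },
    {
      "cveID": "CVE-2024-20767",
      "vendorProject": "Adobe",
      "product": "ColdFusion",
      "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
      "dateAdded": "2024-12-16",
      "shortDescription": "Improper access control allowing unauthenticated remote file read.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2025-01-06",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    }
  ]
}
"""


def load_kev(feed_text: str) -> list[dict]:
    """Parse a KEV feed document and return its list of vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def remediation_window_days(entry: dict) -> int:
    """Days CISA allowed between adding the CVE and its remediation due date."""
    added = date.fromisoformat(entry["dateAdded"])
    due = date.fromisoformat(entry["dueDate"])
    return (due - added).days


def matches_inventory(entry: dict, inventory: list[tuple[str, str]]) -> bool:
    """True if the entry's vendor equals an inventory vendor and the inventory
    product name appears in the entry's product field (case-insensitive)."""
    vendor = entry["vendorProject"].casefold()
    product = entry["product"].casefold()
    return any(vendor == v.casefold() and p.casefold() in product for v, p in inventory)


def triage(entries: list[dict], inventory: list[tuple[str, str]], today_iso: str) -> list[dict]:
    """Return the KEV entries relevant to the inventory, most urgent first."""
    today = date.fromisoformat(today_iso)
    rows = []
    for entry in entries:
        if not matches_inventory(entry, inventory):
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append({
            "cveID": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dueDate": entry["dueDate"],
            "daysLeft": days_left,
            "overdue": days_left < 0,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    rows.sort(key=lambda r: r["daysLeft"])
    return rows


if __name__ == "__main__":
    entries = load_kev(SAMPLE_KEV_JSON)
    # Hypothetical inventory: (vendor, product) pairs the organization runs.
    inventory = [("Microsoft", "Windows"), ("Adobe", "ColdFusion"), ("Oracle", "Java")]
    for row in triage(entries, inventory, "2024-12-20"):
        status = "OVERDUE" if row["overdue"] else f'{row["daysLeft"]} days left'
        print(f'{row["cveID"]:<16} {row["product"]:<20} due {row["dueDate"]}  {status}')
```

Swapping `SAMPLE_KEV_JSON` for the downloaded feed and the hypothetical inventory for your asset list turns this into a daily check; entries with a negative `daysLeft` are the ones already past CISA's deadline, and `knownRansomwareCampaignUse` is a useful secondary sort key when the list is long.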

Conclusion

CISA's deadlines bind only federal agencies, but the exploit code, the exposed ColdFusion servers and the confirmed attacks affect everyone. Private organizations should treat both CVEs with the same urgency and verify, rather than assume, that the relevant updates are installed.

Call to Action

Confirm that Windows hosts carry the June 2024 (or a later) cumulative update, that ColdFusion servers carry Adobe's March 2024 fix, and that no ColdFusion administrator panel is reachable from the Internet. Public exploit code for CVE-2024-35250 is already circulating, so the window for quiet remediation is closing.