Critical Windows Kernel Vulnerability Under Attack: Hackers Target SYSTEM Privileges!

Urgent Security Alert: Protecting Against Critical Windows Vulnerabilities


The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning to federal agencies in the United States, urging them to fortify their systems against ongoing threats linked to a severe vulnerability within the Windows kernel.

Understanding CVE-2024-35250

This particular security issue, identified as CVE-2024-35250, stems from an untrusted pointer dereference flaw. This weakness enables local attackers to escalate their privileges to SYSTEM level with minimal effort and without requiring any user interaction.

While Microsoft has not disclosed extensive details in its security advisory released earlier this year, the DEVCORE Research Team—who discovered this vulnerability—reported that it affects the Microsoft Kernel Streaming Service (MSKSSRV.SYS). They communicated their findings through Trend Micro’s Zero Day Initiative.

Exploitation Demonstrated at Pwn2Own Vancouver 2024

During this year’s Pwn2Own Vancouver hacking competition, DEVCORE researchers successfully exploited this privilege escalation flaw on a fully updated Windows 11 system on its very first day. This incident underscores the potential risks associated with unpatched vulnerabilities.

Microsoft addressed this issue during its June 2024 Patch Tuesday update; however, proof-of-concept exploit code was made publicly available on GitHub just four months later. According to Microsoft’s advisory regarding CVE-2024-35250, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” Notably, the advisory has yet to be revised to reflect that active exploitation is occurring.

A video demonstration showcasing how DEVCORE utilized their proof-of-concept exploit against a Windows 11 device is available for viewing online.

Additional Threats: Adobe ColdFusion Vulnerability

In addition to addressing issues within Windows systems, CISA has also highlighted a significant vulnerability affecting Adobe ColdFusion (tracked as CVE-2024-20767). This flaw was patched by Adobe back in March but continues to pose risks due to several proof-of-concept exploits surfacing online since then.

CVE-2024-20767 arises from improper access control that allows unauthenticated remote attackers to access sensitive files on affected systems. SecureLayer7 reports that exploiting vulnerable ColdFusion servers with exposed admin panels gives attackers not only read access but also the ability to make arbitrary changes to the file system.

According to data from Fofa search engine analytics, there are over 145,000 ColdFusion servers accessible via the Internet; however, identifying those specifically with remotely accessible admin panels remains challenging for cybersecurity professionals.

CISA’s Response and Recommendations

CISA has officially added both vulnerabilities, CVE-2024-35250 and CVE-2024-20767, to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation attempts. Under the requirements of Binding Operational Directive (BOD) 22-01 issued by CISA, federal agencies are mandated to secure their networks by January 6, a mere three weeks from now, to mitigate these threats effectively.
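A small check a defender might run against the KEV feed to confirm that the two CVEs named above are listed and to see how many days remain before the BOD 22-01 due date. This is an added example, not code from CISA or the article; the feed excerpt is constructed in the layout of the public KEV JSON, only the January 6 due date comes from the article, the year 2025 and the "today" date (three weeks earlier) are assumptions, and the dateAdded and requiredAction values are placeholders.

```python
"""Check a CISA KEV feed for the CVEs named in the alert and report the
days remaining (or overdue) against the BOD 22-01 due date."""
import json
from datetime import date

# CVE IDs named in the article.
TRACKED_CVES = {"CVE-2024-35250", "CVE-2024-20767"}

# Constructed sample in the layout of the public KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Only the January 6 due date is taken from the article; the year, the
# dateAdded values and the requiredAction text are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-35250", "vendorProject": "Microsoft",
         "product": "Windows", "dateAdded": "2024-12-16",
         "requiredAction": "placeholder", "dueDate": "2025-01-06"},
        {"cveID": "CVE-2024-20767", "vendorProject": "Adobe",
         "product": "ColdFusion", "dateAdded": "2024-12-16",
         "requiredAction": "placeholder", "dueDate": "2025-01-06"},
        # An unrelated, already-overdue entry to show it is ignored.
        {"cveID": "CVE-0000-00000", "vendorProject": "Example",
         "product": "Example", "dateAdded": "2024-01-01",
         "requiredAction": "placeholder", "dueDate": "2024-01-22"},
    ]
})


def kev_status(feed_json, tracked, today):
    """Return {cveID: days_until_due} for tracked CVEs present in the feed.
    A negative value means the BOD 22-01 due date has already passed."""
    catalog = json.loads(feed_json)
    status = {}
    for entry in catalog["vulnerabilities"]:
        if entry["cveID"] in tracked:
            due = date.fromisoformat(entry["dueDate"])
            status[entry["cveID"]] = (due - today).days
    return status


def missing_from_feed(feed_json, tracked):
    """Tracked CVEs that do not (yet) appear in the feed, sorted."""
    listed = {e["cveID"] for e in json.loads(feed_json)["vulnerabilities"]}
    return sorted(tracked - listed)


if __name__ == "__main__":
    # Assumed "today": three weeks before the January 6 deadline.
    for cve, days in kev_status(SAMPLE_KEV_JSON, TRACKED_CVES, date(2024, 12, 16)).items():
        print(f"{cve}: {days} days until BOD 22-01 due date")
```

Against the live feed, replace SAMPLE_KEV_JSON with the downloaded catalog text and pass date.today().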

“These types of vulnerabilities frequently serve as attack vectors for malicious cyber actors and present substantial risks,” stated CISA officials regarding these critical flaws.

While the directive is aimed primarily at federal entities, which must act on these vulnerabilities through the patching timelines set out in CISA's KEV catalog alerts, private organizations are equally encouraged not only to prioritize remediation but also to strengthen their overall security posture against such ongoing attacks.

Staying informed about emerging threats and implementing robust security controls promptly can significantly reduce the exposure associated with these high-severity vulnerabilities.
