CVE-2024-30088

Published Jun 11, 2024

Last updated a month ago

Exploit knownCVSS high 7.0

Overview

Description
Windows Kernel Elevation of Privilege Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Exploit added on
Oct 15, 2024
Exploit action due
Nov 5, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-367
secure@microsoft.com
CWE-367

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2024-30088

    @transilienceai

    25 Oct 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2024-30088 is getting exploited #inthewild. Find out more at https://t.co/QiT95nLyZp CVE-2021-4444 is getting exploited #inthewild. Find out more at https://t.co/uq5M6rwnfk CVE-2024-40711 is getting exploited #inthewild. Find out more at https://t.co/T1KmDbBwqH

    @inthewildio

    23 Oct 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Cyberattacchi di OilRig nel Medio Oriente: analisi approfondita Sicurezza Informatica, apt34, CVE-2024-30088, Earth Simnavaz, exchange, guerra cibernetica, malware, Medio Oriente, oilrig, server https://t.co/caTMgyA03z https://t.co/1dmBNngLOb

    @matricedigitale

    22 Oct 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #ThreatProtection Read more about Symantec Data Center Security (DCS) protection against CVE-2024-30088. https://t.co/1CTnMfBTxr #Vulnerability

    @threatintel

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. گروه هکری ایرانی با نام Earth Simnavaz با استفاده از تکنینک های پیچیده اقدام به دسترسی به سرورها و شبکه های امارات نموده اند. این گروه هکری با اکسپلویت کردن آسیب پذیری مربوط به Exchange با کد شناسایی CVE-2024-30088 اقدام به سرقت اطلاعات نموده است. https://t.co/Y2P1U3eX7Y https://

    @AmirHossein_sec

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References