- Description
- Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
- Exploit added on
- Dec 16, 2024
- Exploit action due
- Jan 6, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
I've been analyzing newly disclosed vulnerabilities in popular systems, including Mitel MiCollab (CVE-2024-41713, CVE-2024-35286), Zyxel Firewalls (CVE-2024-11667), and Microsoft Windows (CVE-2024-35250, CVE-2024-49138). Ivanti is also affected (CVE-2025-0282, CVE-2025-0283).
@agentwhitehat
15 Jan 2025
232 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【情报】CVE-2024-35250存在后门🚨🚨🚨 昨天收到情报在分析,Github上面的CVE-2024-35250项目,由原始开发者0xjiefeng针对国内安全人员进行定向投毒🤪 使用Visual Studio打开 .sln 或者.csproj 项目文件后,VS 会自动加载并调用关联的 .suo 文件,从而触发恶意代码,这是之前披露过的的投毒手法😂 https://t.co/UkPFEIivSk
@AabyssZG
8 Jan 2025
4257 Impressions
8 Retweets
64 Likes
29 Bookmarks
4 Replies
0 Quotes
CISA has warned U.S. federal agencies to secure their systems against this actively exploited vulnerability 1. CVE-2024-35250 (Windows Kernel Vulnerability) - A high-severity flaw caused by an untrusted pointer dereference in the Microsoft Kernel Streaming Service (MSKSSRV.SYS).
@dCypherIO
5 Jan 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-35250: Windows Kernel-Mode Driver Privilege Escalation Flaw Analyzed https://t.co/ETQ99IjJvz #bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #apipentesting #nodebb #pentesting
@redcytadel
29 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has warned U.S. federal agencies to secure their systems against this actively exploited vulnerability 1. CVE-2024-35250 (Windows Kernel Vulnerability) - A high-severity flaw caused by an untrusted pointer dereference in the Microsoft Kernel Streaming Service (MSKSSRV.SYS).
@dCypherIO
20 Dec 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
آژانس امنیت سایبری و امنیت زیرساخت ایالات متحده (CISA) به نهادهای فدرال آمریکا هشدار داده است که سیستمهای خود را در برابر حملات فعالی که یک آسیبپذیری شدید در هسته ویندوز را هدف قرار میدهند، امن کنند.این نقص امنیتی که با شناسه CVE-2024-35250 ردیابی شده است.
@cybernetic_cy
19 Dec 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-35250 : Windows kernel bug now exploited in attacks to gain SYSTEM privileges https://t.co/l1FaCvjkcn
@freedomhack101
19 Dec 2024
9 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Un error del kernel de Windows ahora se aprovecha en ataques para obtener privilegios del SISTEMA. Registrada como CVE-2024-35250, esta falla de seguridad permite a los atacantes locales obtener privilegios de SISTEMA. #ciberseguridad #cybersecurity https://t.co/u3pkVeH9NQ https
@EHCGroup
18 Dec 2024
9 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
سازمان CISA در مورد دو آسیب پذیری با کد شناسایی CVE-2024-20767 و CVE-2024-35250 هشدار داد. آسیب پذیری اول مربوط به محصول ColdFusion بوده که اجازه می دهد فایل ها را read کنند. آسیب پذیری دوم مربوط به kernel ویندوز بوده و از نوع privilege escalation می باشد. https://t.co/Poz3aKYxT1
@AmirHossein_sec
18 Dec 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-29404 is getting exploited #inthewild. Find out more at https://t.co/sjnUIFDV9P CVE-2024-35250 is getting exploited #inthewild. Find out more at https://t.co/HHQD5WeiX8 CVE-2024-20767 is getting exploited #inthewild. Find out more at https://t.co/QmVvFhkoSA
@inthewildio
18 Dec 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - varwara/CVE-2024-35250: PoC for the Untrusted Pointer Dereference in the ks.sys driver https://t.co/Fjh7U4m7sc
@akaclandestine
18 Dec 2024
889 Impressions
4 Retweets
8 Likes
4 Bookmarks
0 Replies
0 Quotes
Опасная уязвимость в ядре Windows (CVE-2024-35250) уже используется в реальных кибератаках. Подробнее https://t.co/ckAyFFKOxr https://t.co/euFlKxeeUe
@KZCERT
18 Dec 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windowsカーネル脆弱性「CVE-2024-35250」が標的にSYSTEM権限取得の危険性と対策急務 https://t.co/SHBSb8a49Q #izumino_trend
@sec_trend
17 Dec 2024
55 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Windowsカーネルの脆弱性を悪用したSYSTEM権限取得攻撃に関する注意喚起(CVE-2024-35250) https://t.co/AqZ1ANYOwQ #izumino_trend
@sec_trend
17 Dec 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added #Adobe ColdFusion and #Microsoft #Windows kernel vulnerabilities CVE-2024-20767 & CVE-2024-35250 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/P5CinqZV68 & apply mitigations to protect your org from cyberattacks.
@byt3n33dl3
17 Dec 2024
69 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
⚠️重要なWindows セキュリティ警告が発表されました! CISAが深刻な脆弱性(CVE-2024-35250)を特定。 Windows 10およびServer 2008以降のすべてのバージョンに影響。 2025年1月までの対応が必須です。 Windows 10のサポート終了に向けて、選択肢は2つ: ・Windows 11へのアップグレード… https://t.co/Q0prsgmYdz https://t.co/34VQvpB0T7
@TechTrendsJP
17 Dec 2024
56 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA warns U.S. federal agencies of ongoing attacks exploiting Windows kernel flaw (CVE-2024-35250) for SYSTEM privileges. Adobe ColdFusion vulnerability (CVE-2024-20767) also actively exploited. 🔒 #WindowsKernelExploitation #CVE2024 #CybersecurityNe… https://t.co/kToU7hlWjN
@TweetThreatNews
17 Dec 2024
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🗞️ Windows Kernel Vulnerability Exploited for System Privilege Escalation A high-severity Windows kernel vulnerability, CVE-2024-35250, is being actively exploited to gain SYSTEM privileges on compromised machines. CISA has warned agencies to patch immediately to prevent furthe
@gossy_84
17 Dec 2024
63 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🆘 CISA advierte: Que la vulnerabilidad de Windows requiere solución inmediata 🛡️ 🛡 CISA exige a las agencias que cierren la vulnerabilidad en el kernel de Windows antes del 6 de enero 🤭 ❗ CVE-2024-35250 permite a los atacantes obtener privilegios de SISTEMA en un ataque… ht
@stegaintell
17 Dec 2024
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【リンク集:12月16日〜17日のセキュリティ関連ニュース/記事】 <脆弱性> ・Windowsカーネルのバグ、SYSTEM権限獲得する目的で悪用される(CVE-2024-35250) https://t.co/E2mTJrAfF8 ・シュコダのセキュリティ欠陥:無数の車両がリモート攻撃のリスクにさらされる https://t.co/ZhaVjFIOIk… https://t.co/CaaCmz3Ez7
@MachinaRecord
17 Dec 2024
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Windows and Adobe ColdFusion Vulnerabilities Actively Exploited in the Wild, PoC Exploit Published Urgent warning: CVE-2024-35250 & CVE-2024-20767 are being actively exploited by malicious actors. Take action now to protect your system https://t.co/o4AOCqctZa
@the_yellow_fall
17 Dec 2024
359 Impressions
4 Retweets
4 Likes
6 Bookmarks
0 Replies
1 Quote
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-35250 #Microsoft #Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability https://t.co/nqcH64GpfR
@ScyScan
16 Dec 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds Two Known Exploited Vulnerability to Catalog: CVE-2024-20767 - Adobe ColdFusion Improper Access Control CVE-2024-35250 - Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference https://t.co/wO1JEcVjy5 https://t.co/E9q6jwvjOB
@TMJIntel
16 Dec 2024
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - varwara/CVE-2024-35250: PoC for the Untrusted Pointer Dereference in the ks.sys driver https://t.co/Fjh7U4m7sc
@akaclandestine
27 Oct 2024
1206 Impressions
6 Retweets
14 Likes
6 Bookmarks
0 Replies
0 Quotes
Windows カーネルモード・ドライバの脆弱性 CVE-2024-35250 が FIX:PoC も公開 https://t.co/a5mn5wyatr #BugBounty #CyberAttack #Devcore #EoP #Exploit #PoCExploit #Pwn2Own #Vulnerability #Windows
@iototsecnews
23 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The severity of the Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased. On October 13, a PoC of the exploit, released by user varwara, appeared on GitHub. #Microsoft #kssys #KernelStreaming #DEVCORE ➡️ https://t.co/FyCxnFMmrI https:
@leonov_av
22 Oct 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-35250: Windows 11 Kernel-Mode Driver EoP/LPE https://t.co/UxEoBwWNoA 2. CVE-2024-44193: iTunes for Windows - LPE https://t.co/C3p0B828YB 3. CVE-2024-9464: Palo Alto Expedition Authenticated CI https://t.co/5OPNnJ7NGY
@42mayfly
21 Oct 2024
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
GitHub - varwara/CVE-2024-35250: PoC for the Untrusted Pointer Dereference in the ks.sys driver https://t.co/Fjh7U4m7sc
@akaclandestine
19 Oct 2024
1158 Impressions
4 Retweets
12 Likes
4 Bookmarks
0 Replies
0 Quotes
【情报】新Windows提权漏洞CVE-2024-35250🚨 PoC for the Untrusted Pointer Dereference in the ks.sys driver😢 Github地址:https://t.co/qHy6OicYzT 提权适用的Windows版本挺多的,但动作很明显,实测大部分XDR都拦截动态行为了🫣 #cybersecurity #CyberSafety #redteam #blueteam #exploit #CVE https://t.co/rAgpZJPnmL
@AabyssZG
6731 Impressions
37 Retweets
113 Likes
56 Bookmarks
3 Replies
0 Quotes
#exploit 1. CVE-2024-35250: Windows 11 Kernel-Mode Driver EoP/LPE https://t.co/JCHRLHXVib 2. CVE-2024-44193: iTunes for Windows - LPE https://t.co/se0HV2pUtI 3. CVE-2024-9464: Palo Alto Expedition Authenticated CI https://t.co/G5lQTBLjx8
@airacaaaa
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1. CVE-2024-35250: Windows 11 Kernel-Mode Driver EoP/LPE https://t.co/vCoFWg4cK2 2. CVE-2024-44193: iTunes for Windows - LPE https://t.co/TaEcUZybXC 3. CVE-2024-9464: Palo Alto Expedition Authenticated CI https://t.co/nZDbcw79y5
@ShaiiikShoaiiib
71 Impressions
0 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
#exploit Streaming vulnerabilities from Windows Kernel - Proxying to Kernel Part 1 (CVE-2024-30084, CVE-2024-35250): https://t.co/PCeCq0JWCZ Part 2 (CVE-2024-30090): https://t.co/TjOAfoSNWv ]-> https://t.co/heJDE8ujc3
@ksg93rd
2654 Impressions
13 Retweets
55 Likes
21 Bookmarks
0 Replies
0 Quotes
#exploit Streaming vulnerabilities from Windows Kernel - Proxying to Kernel Part 1 (CVE-2024-30084, CVE-2024-35250): https://t.co/aQ7z3rFyrV Part 2 (CVE-2024-30090): https://t.co/qcD48Qk9xt ]-> https://t.co/TXaaRcNG71
@airacaaaa
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950"
}
],
"operator": "OR"
}
]
}
]