Cybersecurity Threat Advisory: Critical Windows kernel vulnerability

A pointer dereference weakness was discovered within the Microsoft Kernel Streaming Service that would allow an attacker to escalate their privileges to SYSTEM without any user interaction being required. Review the details in this Cybersecurity Threat Advisory to learn how to keep your system secure.

What is the threat?

This vulnerability allows an attacker to dereference a pointer in such a way that it references a different instance of the value. This can lead to privilege escalation, enabling the attacker to elevate their privileges from user mode to kernel mode. A patch was made available in the June 2024 Patch Tuesday release. Systems running Windows versions prior to 23H2 are susceptible to the vulnerability.

Why is it noteworthy?

The Kernel Streaming Service is a standard service on every Windows device and is used by many programs. Many of the service’s features require quick access to RAM and other services, so it runs in kernel mode. When proper protections are in place, it’s safe for a program to use kernel mode. However, problems arise when these protections are missing or incomplete.

What is the exposure or risk?

Upon successful exploitation, an attacker can supply a different value along with additional user input, which can lead to privilege escalation.

What are the recommendations?

Barracuda recommends the following action to secure your Windows systems:

  • Update systems to the latest release. If any devices are running a version prior to 23H2, it is recommended to apply the June Patch Tuesday release.
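
One way to check a single host against the recommendation above. This is an added example, not part of the original advisory or any Barracuda tooling. The function names and the 11 June 2024 date used for "June Patch Tuesday" are assumptions, and the install-date comparison is only an indication, so confirm the cumulative update for your build in Microsoft's June 2024 release notes.

```powershell
# Added example, not from the advisory. Checks the local host against the two
# conditions the advisory names: release prior to 23H2, June 2024 updates applied.
$FixedRelease = '23H2'                   # release named in the advisory
$PatchTuesday = [datetime]'2024-06-11'   # assumption: June 2024 Patch Tuesday date

function ConvertTo-ReleaseRank {
    param([string]$Release)
    # "22H2" -> 222, "23H2" -> 232. Anything else (empty, or legacy ids such as
    # "1909") returns 0 and is therefore treated as older than 23H2.
    if ($Release -match '^(\d{2})H([12])$') {
        return ([int]$Matches[1] * 10) + [int]$Matches[2]
    }
    return 0
}

function Get-AdvisoryStatus {
    param([string]$Release, [Nullable[datetime]]$LastUpdate)
    if ((ConvertTo-ReleaseRank $Release) -ge (ConvertTo-ReleaseRank $FixedRelease)) {
        return 'Release is 23H2 or later: outside the range the advisory lists'
    }
    if ($null -eq $LastUpdate) {
        return 'Prior to 23H2, no dated update found: apply the June release'
    }
    if ($LastUpdate -ge $PatchTuesday) {
        return 'Prior to 23H2, updated since June Patch Tuesday: confirm the cumulative update'
    }
    return 'Prior to 23H2, last update predates June Patch Tuesday: apply the June release'
}

# Local facts: DisplayVersion is absent on old builds, InstalledOn can be empty.
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$release = [string]$cv.DisplayVersion
$last    = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn | Select-Object -Last 1 -ExpandProperty InstalledOn

[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Release    = $release
    LastUpdate = $last
    Status     = Get-AdvisoryStatus -Release $release -LastUpdate $last
}
```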

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.