Windows kernel vulnerability can be exploited to gain SYSTEM permissions

CISA, the U.S. Cybersecurity and Infrastructure Security Agency, has issued an urgent warning to federal agencies to secure their systems against a critical vulnerability in the Windows kernel. Cybercriminals are actively exploiting this flaw to gain SYSTEM-level privileges, posing a serious risk to sensitive infrastructure.

While Microsoft has yet to release an official statement on the issue, reports from Bleeping Computer highlight the growing number of attacks targeting this vulnerability. The situation underscores the need for immediate action to mitigate potential breaches.


CISA confirms a cybersecurity flaw in the Windows kernel that cybercriminals can exploit


CISA, the U.S. Cybersecurity and Infrastructure Security Agency, has issued an urgent alert to federal agencies, urging them to secure systems against potential attacks targeting a Windows kernel vulnerability.

This security flaw, CVE-2024-35250, stems from an untrusted pointer dereference issue. It allows cybercriminals to gain SYSTEM-level privileges through straightforward attacks that don’t require user interaction. The flaw is particularly concerning due to its low complexity, making it easier for attackers to exploit.


While Microsoft addressed the issue in a June 2024 Patch Tuesday update, they have yet to release detailed information about the flaw. According to the DEVCORE research team, which discovered and reported the vulnerability to Microsoft through Trend Micro’s Zero Day Initiative, the issue lies within the Microsoft Kernel Streaming Service (MSKSSRV.SYS).

The vulnerability was exploited in a practical setting during the 2024 Pwn2Own Vancouver hacking contest, where DEVCORE successfully used it to compromise a fully patched Windows 11 system. Their findings have been corroborated by reports from Bleeping Computer, further highlighting the severity of the issue.


CISA has stressed the importance of taking immediate action, as successfully exploiting this vulnerability can grant attackers full SYSTEM access. While Microsoft released a patch in June that included test exploit code, the agency emphasizes the need for vigilance and timely updates to protect against potential threats.

To demonstrate the risk, the DEVCORE team published a video showing how their exploit could easily breach a Windows 11 23H2 system. This visual example underscores the critical nature of this vulnerability and the importance of implementing robust security measures.


Federal agencies and all users are encouraged to ensure their systems are updated with the latest patches and closely monitor developments. This vulnerability is a reminder of the ever-evolving cybersecurity landscape and the need for proactive defense.

CISA has also flagged a critical vulnerability in Adobe ColdFusion, which Adobe addressed with a patch in March 2024. The flaw, CVE-2024-20767, arises from inadequate access control measures, enabling remote attackers to access sensitive system files.

While these vulnerabilities are being actively communicated to U.S. federal authorities, CISA’s warning isn’t limited to government agencies. Organizations and private companies are strongly urged to prioritize addressing these issues to minimize the risk of cyberattacks. Ensuring systems are patched and vulnerabilities mitigated is crucial to maintaining security against potential exploitation.

Lack of a Microsoft Response

Efforts by Bleeping Computer to obtain a comment from a Microsoft representative on these issues were unsuccessful. This highlights the sensitive and urgent nature of the situation, requiring immediate attention from relevant authorities and affected entities.

These vulnerabilities underscore the critical need for proactive cybersecurity measures and the importance of collaboration between agencies, companies, and technology providers to prevent exploitation.

Author
Rohit is a certified Microsoft Windows expert with a passion for simplifying technology. With years of hands-on experience and a knack for problem-solving, he is dedicated to helping individuals and businesses make the most of their Windows systems. Whether it's troubleshooting, optimization, or sharing expert insights,