skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Windows Vulnerability CVE-2024-30085 Allows Privilege Escalation

/ 1 min read

🛠️ Critical Windows vulnerability CVE-2024-30085 allows privilege escalation. Security researcher Alex Birnberg has disclosed a significant flaw in the Windows Cloud Files Mini Filter Driver, rated with a CVSS score of 7.8, which enables local attackers to escalate privileges to the SYSTEM level. The vulnerability arises from improper validation of user-supplied data lengths in the HsmIBitmapNORMALOpen function, leading to potential memory corruption and full system control. This flaw was successfully exploited during the TyphoonPWN 2024 competition, and it affects Windows 11 23H2 installations. Microsoft has released a patch in the June 2024 Patch Tuesday updates, urging users to apply it immediately to mitigate the risk.

Source
{entry.data.source.title}
Original