Windows Vulnerability CVE-2024-30085 Allows Privilege Escalation
/ 1 min read
🛠️ Critical Windows vulnerability CVE-2024-30085 allows privilege escalation. Security researcher Alex Birnberg has disclosed a significant flaw in the Windows Cloud Files Mini Filter Driver, rated with a CVSS score of 7.8, which enables local attackers to escalate privileges to the SYSTEM level. The vulnerability arises from improper validation of user-supplied data lengths in the HsmIBitmapNORMALOpen function, leading to potential memory corruption and full system control. This flaw was successfully exploited during the TyphoonPWN 2024 competition, and it affects Windows 11 23H2 installations. Microsoft has released a patch in the June 2024 Patch Tuesday updates, urging users to apply it immediately to mitigate the risk.
Source

Original