New Windows Vulnerability CVE-2024-30085 Discovered
/ 1 min read
🪣 New Windows vulnerability CVE-2024-30085 allows privilege escalation. A heap-based buffer overflow vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) has been identified, enabling attackers to escalate privileges to NT AUTHORITY\SYSTEM. By crafting a custom reparse point, an attacker can trigger the overflow, corrupt adjacent objects, and leak kernel pointers. The vulnerability was discovered by researchers from SSD Secure Disclosure and Theori, and it has been patched in the KB5039211 update for Windows 10 22H2. The exploit involves multiple steps, including creating exploit files and manipulating memory layouts to gain arbitrary read and write capabilities, ultimately allowing for full system access. Detailed technical analysis and exploitation methods are provided in the article.
