Windows Elevation of Privilege Vulnerability CVE-2024-43452 Disclosed
🛡️💻 New Windows vulnerability CVE-2024-43452 poses serious security risks. Security researchers have disclosed details about CVE-2024-43452, a Windows Registry Elevation of Privilege vulnerability with a CVSS score of 7.5, which could allow attackers to gain SYSTEM-level access. Reported by Mateusz Jurczyk from Google Project Zero, the flaw arises from a design oversight in memory management during registry hive loading, particularly under memory pressure. Jurczyk’s proof-of-concept exploit demonstrates how a malicious SMB server can manipulate data to corrupt the registry hive structure. Microsoft has addressed this vulnerability in the November 2024 Patch Tuesday updates, and users are urged to apply the patch immediately. Organizations are also advised to monitor SMB traffic and restrict access to registry operations to mitigate risks.
