A high-severity Windows vulnerability has been identified and is currently being exploited by threat actors. The flaw, tracked as CVE-2024-35250, lies in the Windows kernel-mode driver and involves an untrusted pointer dereference. This vulnerability is classified with a severity score of 7.8 out of 10. If successfully exploited, it allows attackers to elevate their privileges to SYSTEM level, which could give them full control over the affected system.
The US Cybersecurity and Infrastructure Security Agency (CISA) has officially added this vulnerability to its Known Exploited Vulnerabilities Catalog. Federal agencies have been instructed to apply the patch before January 6, 2025, to mitigate the risk of exploitation. Microsoft fixed the flaw in its June 2024 Patch Tuesday updates. The vulnerability arises when an application dereferences an untrusted pointer, causing it to access unintended memory locations. This can result in system crashes or, in the worst case, give attackers unauthorized access to sensitive data and full control of the system.
The vulnerability was discovered and reported by DEVCORE researchers, who also provided proof-of-concept exploit code. Malicious actors have since been observed actively exploiting the flaw, making it critical for organizations, particularly federal agencies, to apply the fix as soon as possible.
Alongside the Windows vulnerability, CISA has also flagged another critical issue: an improper access control flaw (CVE-2024-20767) in Adobe ColdFusion. This flaw allows attackers to access or manipulate restricted files via ColdFusion’s internet-exposed admin panel. Federal agencies must also mitigate this vulnerability by January 6, 2025.
CISA emphasized the importance of prioritizing the timely patching of these vulnerabilities to reduce the risk of cyberattacks. Federal agencies, in particular, are urged to adopt a proactive approach in addressing these issues as part of their ongoing vulnerability management practices.
With both vulnerabilities posing a significant risk to sensitive systems, swift action is crucial to prevent potential exploitation.