Tag Archives: DEVCORE

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased. This vulnerability was fixed as part of the June Microsoft Patch Tuesday. Like CVE-2024-30090, it was discovered by a researcher with the nickname Angelboy from DEVCORE, and it also affects the Kernel Streaming framework, specifically its core component, the ks.sys driver. Angelboy wrote about this vulnerability in a post on August 23.

On October 13, a PoC of the exploit, released by user varwara, appeared on GitHub. The repository also contains a video that demonstrates the exploit being launched and System privileges being obtained.

Updates are available for Windows 10 and 11, and Windows Server from 2008 to 2022.

The severity of the Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090) vulnerability has increased

The severity of the Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090) vulnerability has increased. The vulnerability was fixed as part of the June Microsoft Patch Tuesday. At that time, no one highlighted this vulnerability. The vulnerability was discovered by a researcher with the nickname Angelboy from the DEVCORE company. The details are described in a series of his posts published on August 23 and October 5.

The vulnerability affects the Kernel Streaming framework, which is responsible for processing stream data. It is used, for example, when the system needs to read data from your microphones or webcams into RAM. This framework works mainly in kernel mode.

On October 5, Angelboy posted a video demonstrating exploitation of this vulnerability to obtain an interactive console with System privileges.

On October 17, a researcher with the nickname Dor00tkit released a PoC of the exploit on GitHub.
