Tag Archives: ksthunk

About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability

About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability. The vulnerability is from the August Microsoft Patch Tuesday. It wasn’t highlighted in reviews; all we knew was that a local attacker could gain SYSTEM privileges.

Three and a half months later, on November 27, SSD Secure Disclosure released a write-up with exploit code. This vulnerability was exploited at TyphoonPWN 2024, earning the researcher a $70,000 prize.

SSD stated in their write-up that communications with Microsoft were problematic and noted that “at the time of trying this on the latest version of Windows 11, the vulnerability still worked”. It’s unclear if this “time of trying” was before the August MSPT or just before the write-up was released in November. If the second option, the vulnerability might still be a 0day. 🤔🤷‍♂️

No reports of this vulnerability being exploited in attacks yet.

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: ksthunk

About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability