High-Severity Windows Kernel Bug Actively Exploited, CISA Warns

December 16, 2024

CISA has alerted U.S. federal agencies to ongoing attacks exploiting a high-severity Windows kernel vulnerability tracked as CVE-2024-35250. The flaw, a local privilege escalation that lets a low-privileged attacker gain SYSTEM privileges without user interaction, was discovered by the DEVCORE Research Team and reported to Microsoft through Trend Micro's Zero Day Initiative. It resides in the Microsoft Kernel Streaming Service driver (MSKSSRV.SYS).

DEVCORE researchers chained this privilege escalation flaw into a compromise of a fully patched Windows 11 system at the Pwn2Own Vancouver 2024 hacking contest. Microsoft patched the bug in June 2024, but proof-of-concept exploit code was published on GitHub four months later. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft stated in its security advisory, which has not yet been updated to reflect in-the-wild exploitation.

CISA also flagged a severe Adobe ColdFusion vulnerability (CVE-2024-20767), which Adobe patched in March. The flaw allows unauthenticated, remote attackers to read system and other sensitive files. On ColdFusion servers whose admin panel is exposed online, successful exploitation can let attackers bypass security measures and perform arbitrary file system writes. The Fofa search engine tracks over 145,000 Internet-exposed ColdFusion servers, but it's unclear how many have remotely accessible admin panels.

Both vulnerabilities are now listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as actively exploited. Under Binding Operational Directive (BOD) 22-01, federal agencies must remediate them on their networks by January 6, 2025. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned. While the KEV catalog formally binds only federal agencies, private organizations are also advised to prioritize patching these flaws to block ongoing attacks.
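To turn a KEV addition like this one into a work list, a security team matches the catalog's vendor/product entries against its own inventory and computes how much time is left before the BOD 22-01 due date. The script below is an added example, not code from CISA or from the article; it uses the field names of the real KEV JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), but the feed excerpt, the hostnames and the installed-product list are constructed for illustration, and the two entries' `vulnerabilityName` strings are paraphrased rather than copied from the catalog.

```python
"""Triage CISA KEV catalog entries against a local asset inventory.

Added example. The JSON below mimics the shape of CISA's KEV feed; the
values are constructed from the two CVEs discussed in the article and are
not a verbatim copy of the catalog.
"""
from __future__ import annotations

import json
from datetime import date, datetime

# Constructed excerpt in the KEV feed format (field names match the real feed).
KEV_FEED_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-35250",
      "vendorProject": "Microsoft",
      "product": "Windows",
      "vulnerabilityName": "Microsoft Windows Kernel Streaming Service driver privilege escalation (illustrative name)",
      "dateAdded": "2024-12-16",
      "shortDescription": "Local attacker can gain SYSTEM privileges via MSKSSRV.SYS.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2025-01-06",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    },
    {
      "cveID": "CVE-2024-20767",
      "vendorProject": "Adobe",
      "product": "ColdFusion",
      "vulnerabilityName": "Adobe ColdFusion improper access control (illustrative name)",
      "dateAdded": "2024-12-16",
      "shortDescription": "Unauthenticated remote attacker can read sensitive files.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2025-01-06",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    }
  ]
}
"""

# Constructed inventory (hypothetical hostnames): host -> [(vendor, product), ...]
ASSETS: dict[str, list[tuple[str, str]]] = {
    "ws-finance-07": [("Microsoft", "Windows")],
    "cf-web-01": [("Adobe", "ColdFusion"), ("Microsoft", "Windows")],
    "proxy-dmz-02": [("Apache", "HTTP Server")],  # nothing in the feed matches this
}


def parse_date(text: str) -> date:
    """KEV dates are ISO YYYY-MM-DD strings."""
    return datetime.strptime(text, "%Y-%m-%d").date()


def kev_index(feed_json: str) -> dict[tuple[str, str], list[dict]]:
    """Index catalog entries by lower-cased (vendorProject, product)."""
    index: dict[tuple[str, str], list[dict]] = {}
    for entry in json.loads(feed_json)["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        index.setdefault(key, []).append(entry)
    return index


def triage(feed_json: str, assets: dict[str, list[tuple[str, str]]], today: date) -> list[dict]:
    """Return one finding per (host, CVE) pair, most urgent first."""
    index = kev_index(feed_json)
    findings: list[dict] = []
    for host, installed in assets.items():
        for vendor, product in installed:
            for entry in index.get((vendor.lower(), product.lower()), []):
                due = parse_date(entry["dueDate"])
                findings.append({
                    "host": host,
                    "cveID": entry["cveID"],
                    "dueDate": entry["dueDate"],
                    "daysLeft": (due - today).days,   # negative once the BOD deadline has passed
                    "overdue": due < today,
                    "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                })
    # Soonest deadline first, then by CVE and host for a stable report.
    findings.sort(key=lambda f: (f["daysLeft"], f["cveID"], f["host"]))
    return findings


def hosts_needing_action(findings: list[dict]) -> list[str]:
    """Distinct hosts with at least one unremediated KEV match."""
    return sorted({f["host"] for f in findings})


if __name__ == "__main__":
    for f in triage(KEV_FEED_JSON, ASSETS, date(2024, 12, 16)):
        flag = "OVERDUE" if f["overdue"] else f"{f['daysLeft']}d left"
        print(f"{f['host']:<14} {f['cveID']:<15} due {f['dueDate']} ({flag})")
```

Matching on exact vendor/product strings is a simplification: the real catalog uses several product labels for the same software family (for example different Windows and Windows Server entries), so a production version should normalise product names or match on CPE data from the inventory tool.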
