CVE-2024-35250

Warning

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Affected products Warnungen 1 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 1507 Version < 10.0.10240.20680

Microsoft ≫ Windows 10 1607 Version < 10.0.14393.7070

Microsoft ≫ Windows 10 1809 Version < 10.0.17763.5936

Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.4529

Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.4529

Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.3019

Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.3737

Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.3737

Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86

Microsoft ≫ Windows Server 2016 Version < 10.0.14393.7070

Microsoft ≫ Windows Server 2019 Version < 10.0.17763.5936

Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2522

Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability

Vulnerability

Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	47.64%	0.976

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-822 Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Patch

Vendor Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD