CISA Warns Federal Agencies About Windows Kernel Vulnerability

Microsoft patched the flaw, but it’s now under active exploitation.
December 17, 2024 / meritsolutions

CISA, the Cybersecurity and Infrastructure Security Agency, is currently alerting federal agencies about “ongoing attacks” targeting a high-severity Windows kernel vulnerability.

That vulnerability is tracked as CVE-2024-35250, an untrusted pointer dereference weakness that enables hackers to gain SYSTEM privileges. The flaw is relatively easy to exploit and doesn’t require the victim to do anything to trigger it.

Microsoft disclosed and patched CVE-2024-35250 in June, but the team that discovered the flaw, DEVCORE Research Team, later shared details about the vulnerability that Microsoft declined to reveal. They identified the Microsoft Kernel Streaming Service as the vulnerable system component. DEVCORE was able to compromise a Windows 11 system with all current patches during Pwn2Own Vancouver 2024, a hacking contest.

Despite patching the flaw six months ago, and highlighting that “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft has not confirmed the flaw is being actively exploited. Going by Microsoft’s advisories alone, a system admin would not know this patch was particularly important, at least until CISA began alerting agencies to the issue.

The agency also added CVE-2024-20767, an improper access control weakness, to its list of known exploits. The flaw allows unauthenticated, remote hackers to read the target’s system and files. Adobe patched this flaw in March, but there have been active exploits published on the internet since.
