Saturday, January 25, 2025
HomeCyber Security NewsMicrosoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Published on

SIEM as a Service

Follow Us on Google News

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.

With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations.

CVE-2024-30088 -Vulnerability Details

The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows.

This function is responsible for querying information about a token, which is a critical component in the Windows security model.

The specific issue arises from the lack of proper locking mechanisms when performing operations on an object.

An attacker can exploit this oversight to escalate privileges and execute arbitrary code in the context of the SYSTEM account, which has the highest privileges on a Windows system.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot.

According to the Zero Day Initiative reports, to exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.

This could be achieved through various means, such as phishing attacks, exploiting other vulnerabilities, or leveraging social engineering techniques.

Once the attacker has a foothold on the system, they can exploit the NtQueryInformationToken flaw to elevate their privileges, potentially gaining full control over the affected system.

The impact of this vulnerability is significant, as it compromises the security of the entire system.

With SYSTEM-level privileges, an attacker can install malicious software, exfiltrate sensitive data, and disrupt system operations.

The high CVSS score of 8.8 reflects the severity of this vulnerability, highlighting the need for immediate attention and remediation.

Microsoft’s Response

Microsoft has responded promptly to this vulnerability by issuing a security update that addresses the flaw.

The update corrects the improper locking mechanism in the NtQueryInformationToken function, preventing attackers from exploiting the vulnerability to escalate privileges.

Users and administrators are strongly advised to apply this update as soon as possible to protect their systems from attacks.

The timeline for the disclosure of CVE-2024-30088 is as follows:

  • 2024-03-28: Vulnerability reported to Microsoft by Emma Kirkpatrick.
  • 2024-06-12: Coordinated public release of the advisory by Microsoft.

This timeline demonstrates a coordinated effort between the researcher and Microsoft to ensure that the vulnerability was addressed and communicated to the public promptly.

The discovery of CVE-2024-30088 underscores the importance of continuous security research and prompt response from software vendors.

This critical vulnerability in Microsoft Windows could have severe consequences if left unpatched.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

PayPal Fined $2 Million Fine For Violating Cybersecurity Regulations

The New York State Department of Financial Services (NYDFS) has imposed a $2 million...