Monday, July 22, 2024

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.

With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations.

CVE-2024-30088 -Vulnerability Details

The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows.

This function is responsible for querying information about a token, which is a critical component in the Windows security model.

The specific issue arises from the lack of proper locking mechanisms when performing operations on an object.

An attacker can exploit this oversight to escalate privileges and execute arbitrary code in the context of the SYSTEM account, which has the highest privileges on a Windows system.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot.

According to the Zero Day Initiative reports, to exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.

This could be achieved through various means, such as phishing attacks, exploiting other vulnerabilities, or leveraging social engineering techniques.

Once the attacker has a foothold on the system, they can exploit the NtQueryInformationToken flaw to elevate their privileges, potentially gaining full control over the affected system.

The impact of this vulnerability is significant, as it compromises the security of the entire system.

With SYSTEM-level privileges, an attacker can install malicious software, exfiltrate sensitive data, and disrupt system operations.

The high CVSS score of 8.8 reflects the severity of this vulnerability, highlighting the need for immediate attention and remediation.

Microsoft’s Response

Microsoft has responded promptly to this vulnerability by issuing a security update that addresses the flaw.

The update corrects the improper locking mechanism in the NtQueryInformationToken function, preventing attackers from exploiting the vulnerability to escalate privileges.

Users and administrators are strongly advised to apply this update as soon as possible to protect their systems from attacks.

The timeline for the disclosure of CVE-2024-30088 is as follows:

  • 2024-03-28: Vulnerability reported to Microsoft by Emma Kirkpatrick.
  • 2024-06-12: Coordinated public release of the advisory by Microsoft.

This timeline demonstrates a coordinated effort between the researcher and Microsoft to ensure that the vulnerability was addressed and communicated to the public promptly.

The discovery of CVE-2024-30088 underscores the importance of continuous security research and prompt response from software vendors.

This critical vulnerability in Microsoft Windows could have severe consequences if left unpatched.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


Latest articles

SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition

SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN....

Hackers Registered 500k+ Domains Using Algorithms For Extensive Cyber Attack

Hackers often register new domains for phishing attacks, spreading malware, and other deceitful activities. Such...

Hackers Claim Breach of Daikin: 40 GB of Confidential Data Exposed

Daikin, the world's largest air conditioner manufacturer, has become the latest target of the...

Emojis Are To Express Emotions, But CyberCriminals For Attacks

There are 3,664 emojis that can be used to express emotions, ideas, or objects...

Beware Of Fake Browser Updates That Installs Malicious BOINC Infrastructre

SocGholish malware, also known as FakeUpdates, has exhibited new behavior since July 4th, 2024,...

Data Breach Increases by Over 1,000% Annually

The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support...

UK Police Arrested 17-year-old Boy Responsible for MGM Resorts Hack

UK police have arrested a 17-year-old boy from Walsall in connection with a notorious...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles