Wednesday, October 9, 2024
HomeCyber Security NewsMicrosoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Published on

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.

With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations.

CVE-2024-30088 -Vulnerability Details

The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows.

- Advertisement - EHA

This function is responsible for querying information about a token, which is a critical component in the Windows security model.

The specific issue arises from the lack of proper locking mechanisms when performing operations on an object.

An attacker can exploit this oversight to escalate privileges and execute arbitrary code in the context of the SYSTEM account, which has the highest privileges on a Windows system.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot.

According to the Zero Day Initiative reports, to exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.

This could be achieved through various means, such as phishing attacks, exploiting other vulnerabilities, or leveraging social engineering techniques.

Once the attacker has a foothold on the system, they can exploit the NtQueryInformationToken flaw to elevate their privileges, potentially gaining full control over the affected system.

The impact of this vulnerability is significant, as it compromises the security of the entire system.

With SYSTEM-level privileges, an attacker can install malicious software, exfiltrate sensitive data, and disrupt system operations.

The high CVSS score of 8.8 reflects the severity of this vulnerability, highlighting the need for immediate attention and remediation.

Microsoft’s Response

Microsoft has responded promptly to this vulnerability by issuing a security update that addresses the flaw.

The update corrects the improper locking mechanism in the NtQueryInformationToken function, preventing attackers from exploiting the vulnerability to escalate privileges.

Users and administrators are strongly advised to apply this update as soon as possible to protect their systems from attacks.

The timeline for the disclosure of CVE-2024-30088 is as follows:

  • 2024-03-28: Vulnerability reported to Microsoft by Emma Kirkpatrick.
  • 2024-06-12: Coordinated public release of the advisory by Microsoft.

This timeline demonstrates a coordinated effort between the researcher and Microsoft to ensure that the vulnerability was addressed and communicated to the public promptly.

The discovery of CVE-2024-30088 underscores the importance of continuous security research and prompt response from software vendors.

This critical vulnerability in Microsoft Windows could have severe consequences if left unpatched.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management

Partnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined...

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day...

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network...

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the...