Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.

With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations.

CVE-2024-30088 -Vulnerability Details

The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows.

This function is responsible for querying information about a token, which is a critical component in the Windows security model.

The specific issue arises from the lack of proper locking mechanisms when performing operations on an object.

An attacker can exploit this oversight to escalate privileges and execute arbitrary code in the context of the SYSTEM account, which has the highest privileges on a Windows system.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot.

According to the Zero Day Initiative reports, to exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.

This could be achieved through various means, such as phishing attacks, exploiting other vulnerabilities, or leveraging social engineering techniques.

Once the attacker has a foothold on the system, they can exploit the NtQueryInformationToken flaw to elevate their privileges, potentially gaining full control over the affected system.

The impact of this vulnerability is significant, as it compromises the security of the entire system.

With SYSTEM-level privileges, an attacker can install malicious software, exfiltrate sensitive data, and disrupt system operations.

The high CVSS score of 8.8 reflects the severity of this vulnerability, highlighting the need for immediate attention and remediation.

Microsoft’s Response

Microsoft has responded promptly to this vulnerability by issuing a security update that addresses the flaw.

The update corrects the improper locking mechanism in the NtQueryInformationToken function, preventing attackers from exploiting the vulnerability to escalate privileges.

Users and administrators are strongly advised to apply this update as soon as possible to protect their systems from attacks.

The timeline for the disclosure of CVE-2024-30088 is as follows:

  • 2024-03-28: Vulnerability reported to Microsoft by Emma Kirkpatrick.
  • 2024-06-12: Coordinated public release of the advisory by Microsoft.

This timeline demonstrates a coordinated effort between the researcher and Microsoft to ensure that the vulnerability was addressed and communicated to the public promptly.

The discovery of CVE-2024-30088 underscores the importance of continuous security research and prompt response from software vendors.

This critical vulnerability in Microsoft Windows could have severe consequences if left unpatched.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,' who claims to have compromised the…

21 hours ago

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users, leading to widespread reports of Blue…

1 day ago

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have drained billions from victims' wallets. This…

1 day ago

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which link to a variety of systems…

2 days ago

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and often have extensive community support, making…

2 days ago

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are largely employed for communication and collaboration,…

2 days ago