CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability.
Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don’t require user interaction.
While Microsoft didn’t share more details in a security advisory published in June, the DEVCORE Research Team that found the flaw and reported it to Microsoft through Trend Micro’s Zero Day Initiative says the vulnerable system component is the Microsoft Kernel Streaming Service (MSKSSRV.SYS).
DEVCORE security researchers used this MSKSSRV privilege escalation security flaw to compromise a fully patched Windows 11 system on the first day of this year’s Pwn2Own Vancouver 2024 hacking contest.
Redmond patched the bug during the June 2024 Patch Tuesday, with proof-of-concept exploit code released on GitHub four months later.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” the company says in a security advisorythat …
![ESPN revamps College Football Playoff design for expanded format [Video]](https://marketingprohub.com/wp-content/uploads/2024/12/mp_801231_0_espncollegefootballplayofflogojpg.jpg)
![Apple News - 32" 6K Monitors, Apple Computer Sale, M4 Extreme, iPhone 17, SE 4 Soon, Apple Rumors [Video]](https://marketingprohub.com/wp-content/uploads/2024/12/mp_793483_0_0jpg.jpg)
![Hanukkah starts this year on Christmas Day NBC 6 South Florida [Video]](https://marketingprohub.com/wp-content/uploads/2024/12/mp_802955_0_AP24355567835674jpg.jpg)
