Microsoft Warns Of Windows Kernel Vulnerability Exploitation


Microsoft has issued a critical warning regarding a Windows kernel vulnerability that could lead to the disclosure of sensitive information.

The vulnerability, CVE-2024-37985, affects ARM-based systems and has been publicly disclosed.

According to Microsoft, an attacker who successfully exploits this vulnerability could view heap memory from a privileged process running on the server, potentially exposing sensitive data.

EHA

The vulnerability is classified as “Important” with a CVSS score of 5.9, indicating a moderate level of severity.

The attack complexity for this vulnerability is high, meaning that an attacker must take additional actions prior to exploitation to prepare the target environment.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

This includes exploiting specific conditions in the microarchitecture of certain ARM-based cores, as detailed in the Armv8 Security Bulletin.

Microsoft has issued updates to mitigate this vulnerability, emphasizing the importance of applying these patches to protect against potential exploitation.

The company notes that while the vulnerability has been publicly disclosed, there is no evidence of active exploitation at this time.

However, the potential impact of this vulnerability should not be underestimated. Successful exploitation could lead to a scope change, affecting resources beyond the security scope managed by the security authority of the vulnerable component.

This means that the vulnerable component and the impacted component are different and managed by different security authorities, highlighting the need for comprehensive security measures.

In light of this warning, users are advised to prioritize the installation of the latest security updates to protect against this and other vulnerabilities.

Additionally, organizations should implement robust security practices, including regular patch management, network segmentation, and user education, to minimize the risk of exploitation.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial



Source link