CVE-2024-35250 - Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
Project:Microsoft
Product:Windows
Date Added:2024-12-16Due Date:2025-01-06
Vulnerability Name
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
Description
Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250
https://nvd.nist.gov/vuln/detail/CVE-2024-35250
Related News Articles
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT CampaignDecember 17, 2024
Windows kernel bug now exploited in attacks to gain SYSTEM privilegesDecember 17, 2024
