Critical Windows Kernel Flaw Impacts All Versions, Update Now

CVECVE-2024-21309
CVSScvssV3_1: 7.8
SourceCVE-2024-21309

Microsoft Windows is prone to an elevation of privilege vulnerability due to an issue in the kernel-mode drivers. Attackers can exploit this (CVE-2024-21309) to gain elevated system privileges on affected versions of Windows.

The kernel is the core of the Windows operating system. Kernel-mode drivers load early during the startup process and get extensive access to system resources. This vulnerability resides in how these kernel drivers handle object requests from applications.

A malicious application or malware can craft a special request that tricks the affected driver into assigning more privileges than intended. This allows the attacker to essentially run programs and code with elevated “administrator” level permissions.

All supported versions of Windows including 7, 8.1 and 10 are vulnerable as long as the affected driver component is present. This puts government, corporate and home users at risk of system compromise.

To stay protected, it is highly recommended to install the latest updates from Windows Update or directly from Microsoft’s website. Keeping your system fully patched with the latest security fixes is the best way to close vulnerabilities like this. You should also use a reputable antivirus and only install applications from trusted publishers to avoid falling victim to malware in the first place.

References