Overview of the Vulnerability

Cybersecurity experts have sounded the alarm as the Cybersecurity and Infrastructure Security Agency (CISA) warns U.S. federal agencies about a high-severity vulnerability in the Windows kernel that is currently being exploited in real-world attacks.

Details of the Vulnerability

Known as CVE-2024-35250, this security flaw stems from a critical untrusted pointer dereference weakness that empowers local attackers to gain SYSTEM privileges with minimal effort and without needing any user interaction. This alarming level of access could allow attackers to control compromised systems completely.

Response by Microsoft

While Microsoft initially provided limited insight into the vulnerability in a security advisory published in June, researchers from the DEVCORE Research Team—the team that identified this flaw—have revealed that it affects the Microsoft Kernel Streaming Service (MSKSSRV.SYS). They demonstrated this vulnerability by successfully hacking a fully updated Windows 11 system during the Pwn2Own Vancouver 2024 hacking competition on its opening day.

Patch and Ongoing Exploitation

In a proactive response, Microsoft issued a patch during the June 2024 Patch Tuesday. However, just four months later, proof-of-concept exploit code appeared on GitHub, indicating that the vulnerability remains an enticing target for hackers. A spokesperson for Microsoft noted in their advisory, "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," but failed to disclose that the vulnerability is already under active exploitation.

Additional Vulnerabilities Identified

Accompanying this troubling news, CISA has also flagged another critical vulnerability in Adobe ColdFusion, tracked as CVE-2024-20767. Patching this weakness has been vital since it arises from improper access control, allowing uninhibited remote attackers to read sensitive files on compromised systems. As noted by SecureLayer7, exploiting ColdFusion servers with exposing admin panels can potentially let cybercriminals write arbitrary files, circumventing security controls.

Current State of Vulnerabilities

Currently, there are over 145,000 ColdFusion servers vulnerable and exposed on the Internet, tracked by the Fofa search engine. Even though pinpointing specific servers with accessible admin panels is a challenge, the risk remains significant as attackers continue to identify and exploit such weaknesses.

CISA's Directive to Federal Agencies

In line with the Binding Operational Directive (BOD) 22-01, CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to fortify their systems within a strict deadline of January 6. While CISA exclusively alerts federal entities, it strongly encourages private organizations to prioritize patching these vulnerabilities as well, reinforcing the imperative to fend off ongoing cyber attacks.

Conclusion and Call to Action

Experts caution that vulnerabilities like these are frequent targets for malicious actors and represent substantial risks to both federal and private sectors alike. The cyber landscape continues to evolve, and the urgency to address these threats cannot be overstated. Stay alert and ensure your systems are adequately secured—this is not just another vulnerability; it’s a wake-up call for anyone reliant on Windows systems!