microsoft windows-server-2012 CVE-2024-35250 vulnerability in Microsoft Products
Published on June 11, 2024

product logo product logo
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.

The following remediation steps are recommended / required by January 6, 2025: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2024-35250 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2024-35250 has been classified to as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2024-35250

You can be notified by stack.watch whenever vulnerabilities like CVE-2024-35250 are published in these products:

 
 
 
 
 
 
 
 
 
 

What versions are vulnerable to CVE-2024-35250?