PT-2024-4172 · Microsoft · Exchange Server, Windows

Carrot_C4K3 · Published 2024-06-11 · Updated 2025-09-22 · CVE-2024-30088

CVSS v3.1: 7.0
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Microsoft Windows (client and server releases) without the June 2024 security update that addresses CVE-2024-30088. Microsoft Exchange Server is listed because the observed attacks ran the exploit on Exchange hosts; the flaw itself is in the Windows kernel, and patching the underlying Windows installation fixes it.
Description: Elevation-of-privilege vulnerability in the Windows Kernel caused by a Time-of-Check-to-Time-of-Use (TOCTOU) race condition. A kernel routine validates data it reads from user-controllable memory and then reads that memory again when it acts on the data; a second user-mode thread that rewrites the data in the window between the check and the use makes the kernel act on a value that was never validated. A local attacker with a low-privileged account (PR:L) who wins the race gains SYSTEM-level control of the host. Winning the race takes repeated attempts, which is why the vector rates attack complexity as high (AC:H). The vulnerability is exploited in the wild: Iranian threat actors, OilRig among them, have used it in attacks on targets in the UAE and the wider Gulf region, escalating privileges on already compromised systems, including Microsoft Exchange servers, to deploy backdoors and steal credentials.
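The double-fetch pattern behind this class of kernel TOCTOU bug, shown beside the fix, as an added illustration. This is editor-written teaching code, not code from the advisory, from Microsoft, or from any exploit for CVE-2024-30088; it models no specific Windows syscall, and the request layout, buffer sizes, the `preempt` hook and all function names are assumptions made for the demonstration:

```c
/* Generic illustration of a kernel-style TOCTOU double fetch and its fix.
 * Editor-added teaching code: NOT the Windows kernel code and NOT an exploit
 * for CVE-2024-30088. All names, sizes and the request layout are invented. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KBUF_SIZE 64          /* size of the "kernel" destination buffer */
#define ARENA_SIZE 256        /* kernel buffer plus simulated adjacent memory */

/* Request header that lives in user memory. volatile models the fact that a
 * second user thread may rewrite len at any moment. */
struct user_req {
    volatile uint32_t len;
    uint8_t data[ARENA_SIZE];
};

/* Stand-in for a context switch between the kernel's check and its use. */
typedef void (*preempt_fn)(struct user_req *);

/* What the racing attacker thread does in that window: replace the length
 * that already passed validation with one that would have failed it. */
static void attacker_flip_len(struct user_req *req)
{
    req->len = 200;
}

/* VULNERABLE: len is fetched from user memory twice. The bounds check sees
 * fetch #1, memcpy uses fetch #2. Returns bytes copied, or -1 if rejected. */
static int copy_in_vulnerable(struct user_req *req, uint8_t *kbuf, preempt_fn preempt)
{
    if (req->len > KBUF_SIZE)                 /* time of check: fetch #1 */
        return -1;
    preempt(req);                             /* attacker thread runs here */
    memcpy(kbuf, req->data, req->len);        /* time of use: fetch #2 */
    return (int)req->len;
}

/* FIXED: fetch once into kernel-owned storage, validate that copy, and use
 * only that copy. Whatever the attacker does to req->len afterwards is moot. */
static int copy_in_fixed(struct user_req *req, uint8_t *kbuf, preempt_fn preempt)
{
    uint32_t len = req->len;                  /* single fetch */
    if (len > KBUF_SIZE)
        return -1;
    preempt(req);                             /* attacker flips req->len: ignored */
    memcpy(kbuf, req->data, len);             /* uses the validated local */
    return (int)len;
}

struct outcome {
    int copied;               /* return value of the copy routine */
    int adjacent_clobbered;   /* 1 if bytes past KBUF_SIZE were overwritten */
};

/* Drives one routine: the arena's first KBUF_SIZE bytes are the kernel buffer,
 * the rest is sentinel-filled "adjacent kernel memory" so an overflow is
 * observable without corrupting real program state. */
static struct outcome run_scenario(int (*routine)(struct user_req *, uint8_t *, preempt_fn))
{
    struct user_req req;
    uint8_t arena[ARENA_SIZE];
    struct outcome out = { 0, 0 };

    memset(arena, 0xAA, sizeof arena);
    memset(req.data, 0x41, sizeof req.data);  /* constructed attacker payload: 'A's */
    req.len = 16;                             /* benign value at check time */

    out.copied = routine(&req, arena, attacker_flip_len);
    for (size_t i = KBUF_SIZE; i < sizeof arena; i++)
        if (arena[i] != 0xAA) { out.adjacent_clobbered = 1; break; }
    return out;
}

struct outcome run_vulnerable(void) { return run_scenario(copy_in_vulnerable); }
struct outcome run_fixed(void)      { return run_scenario(copy_in_fixed); }

int main(void)
{
    struct outcome v = run_vulnerable(), f = run_fixed();
    printf("vulnerable: copied %d bytes, adjacent memory clobbered: %d\n",
           v.copied, v.adjacent_clobbered);
    printf("fixed:      copied %d bytes, adjacent memory clobbered: %d\n",
           f.copied, f.adjacent_clobbered);
    return 0;
}
```

Real exploitation has no `preempt` hook: the attacker's second thread spins rewriting the field while the first thread repeats the system call until a context switch happens to land inside the window, which is why the CVSS vector carries AC:H. The fix pattern is the same regardless of the syscall involved: copy user input into kernel memory once, validate the copy, and never read the user buffer again.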
Recommendations: Install Microsoft's June 2024 security update that fixes CVE-2024-30088 on every affected Windows host; prioritise Exchange servers and other systems reachable by an attacker who already holds a low-privileged foothold, since that is how the flaw has been used in practice. No configuration workaround removes the bug: it sits in a core kernel code path, so disabling optional Windows features or services does not help. Until the update is applied, reduce the chance of the initial low-privileged access the exploit requires and limit the blast radius of a successful escalation: segment the network, restrict logon and access to sensitive resources to the accounts that need them, enforce Multi-Factor Authentication (MFA) on remote access, and run Endpoint Detection and Response (EDR) so that privilege-escalation activity on the host is detected. Keep systems on a regular patching cadence so that known, actively exploited vulnerabilities such as this one are closed quickly.

Exploit

Fix

LPE

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

BDU:2024-04657
CVE-2024-30088
ZDI-24-606

Affected Products

Exchange Server
Windows