PT-2024-4172 · Microsoft · Windows +1
Carrot_C4K3 · Published 2024-06-11 · Updated 2025-07-26 · CVE-2024-30088
CVSS base score: 7.0 (High)
CVSS base vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:**
Microsoft Windows builds released before the June 11, 2024 security updates
Microsoft Windows 10 1507 (<10.0.10240.20680)
Microsoft Windows Server 2019
Microsoft Windows 10 22H2 (19045)
Xbox SystemOS
**Description:**
This vulnerability is a Windows kernel elevation of privilege flaw stemming from a time-of-check to time-of-use (TOCTOU) error in the implementation of `NtQueryInformationToken`. Successful exploitation allows a local attacker to gain SYSTEM-level privileges. The vulnerability is actively exploited in the wild by the Iranian threat actor OilRig (also known as APT34 and Helix Kitten) in attacks targeting the UAE and Gulf region, often in conjunction with the deployment of backdoors such as Helminth, QUADAGENT, ISMAgent, and STEALHOOK. OilRig uses this vulnerability to compromise critical infrastructure, including the government, technology, energy, and telecommunications sectors. The vulnerability has also been leveraged in attacks against Microsoft Exchange servers to steal credentials. A public exploit is available. The number of potentially affected devices worldwide is not precisely known.
**Recommendations:**
Microsoft Windows builds released before the June 11, 2024 security updates: Install the June 11, 2024 (or later) security updates to address the vulnerability.
Microsoft Windows 10 1507 (<10.0.10240.20680): Update to build 10.0.10240.20680 or later to address the vulnerability.
Microsoft Windows Server 2019: Update to the latest version to address the vulnerability.
Microsoft Windows 10 22H2 (19045): Update to the latest version to address the vulnerability.
Xbox SystemOS: Update to the latest version to address the vulnerability.
Tags: Exploit · Fix · LPE · Time Of Check To Time Of Use
References (96)
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2024_30088_authz_basep.rb · Exploit (35019 stars, 14201 forks)
- https://github.com/exploits-forsale/collateral-damage · Exploit (445 stars, 29 forks)
- https://github.com/tykawaii98/CVE-2024-30088 · Exploit (246 stars, 54 forks)
- https://github.com/Zombie-Kaiser/CVE-2024-30088-Windows-poc · Exploit (36 stars, 15 forks)
- https://github.com/NextGenPentesters/CVE-2024-30088- · Exploit (6 stars, 1 fork)
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30088 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2024-30088 · Security Note
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30088 · Vendor Advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30088 · Vendor Advisory
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30088 · Vendor Advisory
- https://zerodayinitiative.com/advisories/ZDI-24-606 · Security Note
- https://bdu.fstec.ru/vul/2024-04657 · Security Note
- https://github.com/aaaddress1/RunPE-In-Memory · Note (863 stars, 170 forks)
- https://twitter.com/Raj_Samani/status/1838469569922433453 · Twitter Post
- https://twitter.com/DMFezzaReed/status/1846202122481627567 · Twitter Post