PT-2024-4172 · Microsoft · Exchange Server, Windows

Carrot_C4K3 · Published 2024-06-11 · Updated 2026-06-15 · CVE-2024-30088

CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Windows 10 versions 1809 through 22H2
Windows 11 versions 21H2 through 23H2
Windows Server 2019
Windows Server 2022
Windows Server 2025
Server Core installations prior to February 2025 updates
Description

A local privilege escalation issue exists in the Windows Kernel due to a race condition and improper synchronization in the Object Manager. Specifically, the flaw stems from an error in the implementation of the NtQueryInformationToken() function combined with an unchecked integer multiplication that overflows. As a result, the kernel allocates a buffer smaller than required, and the subsequent out-of-bounds write lets an attacker corrupt kernel memory and replace a process token with the SYSTEM token. This can lead to a full bypass of User Account Control (UAC) and other security boundaries, enabling the installation of rootkits and bootkits and the theft of credentials from LSA memory. The issue has been actively exploited by the Iranian threat actor OilRig (APT34) in cyber espionage campaigns targeting infrastructure in the UAE and the Gulf region.
Recommendations

Update all affected systems to Security Update KB5034763 or later cumulative updates. Enable Virtualization-Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI) where supported to harden endpoints.
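The following PowerShell check is an added example, not part of this advisory, for verifying both recommendations on a single host: it reads the Device Guard WMI class for the VBS and HVCI state and looks for the named update. The KB number is the one stated above; because later cumulative updates supersede it, its absence alone is not conclusive, so the current build and UBR are reported for comparison with Microsoft's release notes.

```powershell
# Added example: report the state of the two recommended mitigations on the local host.
# Assumes Windows PowerShell 5.1 or PowerShell 7 in an elevated session (Get-HotFix needs admin).

function Test-MitigationState {
    param(
        # KB named in the advisory; a later cumulative update may supersede it.
        [string]$KnowledgeBaseId = 'KB5034763'
    )

    # Win32_DeviceGuard exposes VBS/HVCI status.
    #   VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    #   SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

    $vbsRunning  = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $hvciRunning = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)

    # Get-HotFix reads Win32_QuickFixEngineering; only the most recent CU is usually listed,
    # so a missing KB means "compare the build below against the patched build", not "unpatched".
    $kb = Get-HotFix -Id $KnowledgeBaseId -ErrorAction SilentlyContinue

    # Build number plus UBR (update build revision) identifies the installed cumulative update.
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OSBuild              = "$($os.BuildNumber).$ubr"
        VbsRunning           = [bool]$vbsRunning
        HvciRunning          = [bool]$hvciRunning
        NamedUpdateInstalled = [bool]$kb
        NamedUpdateInstalledOn = if ($kb) { $kb.InstalledOn } else { $null }
    }
}

$state = Test-MitigationState
$state | Format-List

# Flag hosts that do not show both recommendations as satisfied.
if (-not $state.VbsRunning -or -not $state.HvciRunning -or -not $state.NamedUpdateInstalled) {
    Write-Warning "Review $($state.ComputerName): not all recommended mitigations are confirmed."
}
```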

Exploit

Fix

LPE

Time Of Check To Time Of Use


Weakness Enumeration

Related Identifiers

BDU:2024-04657
CVE-2024-30088
ZDI-24-606

Affected Products

Exchange Server
Windows