PT-2024-4174 · Microsoft · Windows Cloud Files Mini Filter Driver
Alex Birnberg +4 · Published 2024-06-11 · Updated 2026-04-01 · CVE-2024-30085
CVSS v3.1: 7.8 High | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to June 2024 Patch Tuesday
Description
The issue is a heap-based buffer overflow vulnerability affecting the Windows Cloud Files Mini Filter Driver (cldflt.sys). Successful exploitation allows an attacker to elevate privileges to the NT AUTHORITY\SYSTEM level. The vulnerability exists due to improper handling of reparse points, potentially corrupting adjacent WNF_STATE_DATA objects and leaking kernel pointers via ALPC handle tables. Exploitation involves corrupting PipeAttribute objects to leak token addresses and override privileges. A proof-of-concept exploit is publicly available.
API Endpoints: Not specified
Vulnerable Parameters or Variables: reparse point, WNF_STATE_DATA, PipeAttribute
Function Names: Not specified
Recommendations
Apply updates released during the June 2024 Patch Tuesday to address the vulnerability.
Exploit
Fix
LPE
Heap Based Buffer Overflow
Affected Products
Windows
Windows Cloud Files Mini Filter Driver