PT-2024-5695 · Microsoft · Kernel Streaming Wow Thunk Service Driver

Angelboy · Published 2024-08-13 · Updated 2025-02-18 · CVE-2024-38144

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Windows Kernel Streaming WOW Thunk Service Driver versions prior to the fixed version

Description

The issue is a heap-based buffer overflow (a buffer overflow in dynamic memory) in the Kernel Streaming WOW Thunk Service Driver that can be exploited to elevate privileges. The root cause is an integer overflow in the ksthunk.sys driver: the buffer size is manipulated, and the copy operation that follows allows an attacker to gain SYSTEM-level privileges. A publicly available exploit exists, and it has been reported that the vulnerability might still be a 0-day.

Recommendations

For Windows Kernel Streaming WOW Thunk Service Driver, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the CKSAutomationThunk::ThunkEnableEventIrp function in the ksthunk.sys driver until a patch is available. Restrict access to the ksthunk.sys driver to minimize the risk of exploitation.

Fix · LPE · Integer Overflow · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-06408
CVE-2024-38144

Affected Products

Windows
Kernel Streaming Wow Thunk Service Driver