CVE-2024-21302

Name of the Vulnerable Software and Affected Versions Windows versions prior to the April 2025 security updates Windows 10 versions prior to the April 2025 security updates Windows 11 versions prior to the April 2025 security updates Windows Server 2016 and higher versions prior to the April 2025 security updates Azure Virtual Machines (VM) that support Virtualization Based Security (VBS) prior to the April 2025 security updates

Description An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.

Recommendations To comprehensively address this issue, install the April 2025 security updates for all supported editions of Windows. For customers running affected versions of Windows, review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if the opt-in policy meets the needs of their environment before implementing this mitigation. Configure settings to monitor and log access attempts to critical system files. Review Identity Protection’s Risk Reports in Azure Active Directory.