PoC Exploit for Windows Elevation of Privilege Vulnerability - 20241227001
Overview
WASOC has become aware of proof-of-concept (PoC) exploit code available for the Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability.
What is vulnerable?
Product(s) Affected | Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
Windows Server 2022, 23H2 Edition (Server Core installation) | Versions prior to 10.0.25398.950 | CVE-2024-30085 | 7.8 | High |
Windows 11 Version 23H2 for x64-based Systems | Versions prior to 10.0.22631.3737 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 22H2 for x64-based Systems | Versions prior to 10.0.19045.4529 | CVE-2024-30085 | 7.8 | High |
Windows 11 Version 22H2 for ARM64-based Systems | Versions prior to 10.0.22621.3737 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 21H2 for x64-based Systems | Versions prior to 10.0.19044.4529 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 22H2 for 32-bit Systems | Versions prior to 10.0.19045.4529 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 22H2 for ARM64-based Systems | Versions prior to 10.0.19045.4529 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 21H2 for ARM64-based Systems | Versions prior to 10.0.19044.4529 | CVE-2024-30085 | 7.8 | High |
Windows 11 Version 23H2 for ARM64-based Systems | Versions prior to 10.0.22631.3737 | CVE-2024-30085 | 7.8 | High |
Windows 11 Version 22H2 for x64-based Systems | Versions prior to 10.0.22621.3737 | CVE-2024-30085 | 7.8 | High |
Windows 11 version 21H2 for ARM64-based Systems | Versions prior to 10.0.22000.3019 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 21H2 for 32-bit Systems | Versions prior to 10.0.19044.4529 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 1809 for x64-based Systems | Versions prior to 10.0.17763.5936 | CVE-2024-30085 | 7.8 | High |
Windows Server 2019 | Versions prior to 10.0.17763.5936 | CVE-2024-30085 | 7.8 | High |
Windows Server 2019 (Server Core installation) | Versions prior to 10.0.17763.5936 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 1809 for ARM64-based Systems | Versions prior to 10.0.17763.5936 | CVE-2024-30085 | 7.8 | High |
Windows 10 Version 1809 for 32-bit Systems | Versions prior to 10.0.17763.5936 | CVE-2024-30085 | 7.8 | High |
Windows Server 2022 | Versions prior to 10.0.20348.2527 | CVE-2024-30085 | 7.8 | High |
Windows Server 2022 | Versions prior to 10.0.20348.2522 | CVE-2024-30085 | 7.8 | High |
Windows Server 2022 (Server Core installation) | Versions prior to 10.0.20348.2527 | CVE-2024-30085 | 7.8 | High |
Windows Server 2022 (Server Core installation) | Versions prior to 10.0.20348.2522 | CVE-2024-30085 | 7.8 | High |
Windows 11 version 21H2 for x64-based Systems | Versions prior to 10.0.22000.3019 | CVE-2024-30085 | 7.8 | High |
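
The table above can be turned into a fleet triage check; the following is an added example, not part of the original advisory, and it assumes an inventory export with `hostname` and `version` columns (the sample rows are constructed). Where the table lists two fixed versions for one build (20348), revisions between them are reported as `review` rather than guessed.

```python
import csv
import io

# Build -> fixed revision(s), copied from the advisory table for CVE-2024-30085.
FIXED = {
    17763: (5936,),
    19044: (4529,),
    19045: (4529,),
    20348: (2522, 2527),  # the table lists two fixed versions for this build
    22000: (3019,),
    22621: (3737,),
    22631: (3737,),
    25398: (950,),
}

def classify(version: str) -> str:
    """Classify a 'major.minor.build.revision' string against the table."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return "unparseable"
    major, minor, build, rev = map(int, parts)  # compare as numbers, not strings
    if (major, minor) != (10, 0) or build not in FIXED:
        return "not-listed"
    fixed = FIXED[build]
    if rev < min(fixed):
        return "vulnerable"
    if rev >= max(fixed):
        return "patched"
    return "review"  # between the two fixed revisions listed for this build

def triage(inventory_csv: str):
    """Return (hostname, version, status) for each row of a hostname,version CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["hostname"], r["version"], classify(r["version"])) for r in rows]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """hostname,version
ws-001,10.0.19045.4412
ws-002,10.0.19045.4529
srv-01,10.0.20348.2524
srv-02,10.0.25398.950
srv-03,10.0.25398.1085
old-01,10.0.14393.7070
bad-01,unknown
"""

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{host:8} {version:18} {status}")
```

A `not-listed` result means only that the build does not appear in this advisory's table, so such hosts still need checking against the vendor's guidance.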
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):