Windows kernel flaw actively exploited
Take action: Another reminder to patch your Windows Operating System! If the computer isn't patched from July, you are very late. And quite exposed. Don't delay, it's a hassle but you need to do it.
Learn More
A high-severity Windows kernel vulnerability has been discovered and is currently being actively exploited in attacks.
The vulnerability is tracked as CVE-2024-35250 (CVSS score 7.8), enables local attackers to escalate privileges to SYSTEM level without requiring user interaction. The flaw exists in the Microsoft Kernel Streaming Service (MSKSSRV.SYS) and was initially discovered by the DEVCORE Research Team, who reported it through Trend Micro's Zero Day Initiative.
The vulnerability was demonstrated during the Pwn2Own Vancouver 2024 hacking contest, where DEVCORE researchers successfully compromised a fully updated Windows 11 system.
Although Microsoft released a patch during the June 2024 Patch Tuesday update, proof-of-concept exploit code was later published on GitHub, enabling malicious actors to use it as a template for attacks.
Users are advised to update their Microsoft Operating System.
