CVE-2024-21302 Information
Description
Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability an attacker could reintroduce previously mitigated vulnerabilities circumvent some features of VBS and exfiltrate data protected by VBS. For more information on Windows versions and VM SKUs supporting VBS reference: Virtualization-based Security (VBS) | Microsoft Learn.. Microsoft is developing a security update to mitigate this vulnerability but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details: A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10 Windows 11 Windows Server 2016 Windows Server 2019 Windows Server 2022 and a subset of Azure Virtual Machines (VM) SKUs with a Windows based guestOS supporting VBS. For more information on Windows versions and VM SKUs supporting VBS reference: Virtualization-based Security (VBS) | Microsoft Learn. The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities circumvent VBS security features and exfiltrate data protected by VBS. Microsoft is developing a security update that will revoke outdated unpatched VBS system files to mitigate this vulnerability but it is not yet available. Due to the complexity of blocking such a large quantity of files rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However a public presentation regarding this vulnerability was hosted at BlackHat on August 07th 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section of this CVE to protect their systems. Recommended Actions: The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.
Configure “Audit Object Access” settings to monitor attempts to access files such as handle creation read / write operations or modifications to security descriptors.
Audit File System - Windows 10 | Microsoft Learn Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn
Auditing sensitive privileges used to identify access modification or replacement of VBS related files could help indicacte attempts to exploit this vulnerability.
Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn
Protect your Azure tenant by investigating administrators and users flagged for risky sign-ins and rotating their credentials.
Investigate risk Microsoft Entra ID Protection - Microsoft Entra ID Protection | Microsoft Learn
Enabling Multi-Factor Authentication can also help alleviate concerns about compromised accounts or exposure.
Enforce multifactor…
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
6.7
Share on: