CVE-2024-30093

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Jun 11, 2024

010
CVSS 7.3EPSS 0.05%High
CVE info copied to clipboard

Summary

This is a Windows Storage Elevation of Privilege vulnerability. An attacker who can run code on the system could exploit this vulnerability to gain higher privileges than they are allowed. The vulnerability is associated with CWE-59, which relates to Improper Link Resolution Before File Access ('Link Following').

Impact

If exploited, this vulnerability could allow an attacker to run malicious code with elevated privileges on affected Windows systems. This could lead to complete system compromise, data theft or destruction, and other serious impacts. The vulnerability has high impact on integrity, availability, and confidentiality.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

Microsoft has released security updates to address this vulnerability. Patches are available for affected systems, including various versions of Windows 10, Windows 11, and Windows Server. Users should update to the following versions or later: - Windows 10 22H2: 10.0.19045.4529 - Windows Server 2016: 10.0.14393.7070 - Windows 10 1809: 10.0.17763.5936 - Windows 11 22H2: 10.0.22621.3737 - Windows 10 21H2: 10.0.19044.4529 - Windows Server 2022 23H2: 10.0.25398.950 - Windows 11 23H2: 10.0.22631.3737 - Windows Server 2022: 10.0.20348.2522 - Windows 11 21H2: 10.0.22000.3019 - Windows 10 1507: 10.0.10240.20680 - Windows Server 2019: 10.0.17763.5936 - Windows 10 1607: 10.0.14393.7070 Other affected versions without specific version numbers should also be updated to the latest available patch.

Mitigation

In addition to patching, the following mitigation steps are recommended: 1. Restrict local access to systems 2. Follow the principle of least privilege 3. Use additional security controls such as antivirus software 4. Implement firewalls 5. Apply network segregation to reduce the attack surface It's important to note that user interaction is required for exploitation, and the attack vector is local, which may somewhat limit the potential for widespread attacks.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

Trending

This CVE stopped trending in security discussions

Jun 28, 2024 at 10:58 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 18.9%)

Nov 19, 2024 at 6:25 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_10_21h2
+null more

Patches

Microsoft
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

References

June 2024 Security Updates
June 2024 Security Updates
Windows Storage Elevation of Privilege Vulnerability
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

News

@oryair1999 2024年08月01日 22時18分35秒
Time to share some of my new CVEs : In Quick Share for Windows: * CVE-2024-38271 * CVE-2024-38272 In Windows: * CVE-2024-30093 In just a week at @defcon , @_BinWalker_ and I will present the 10 vulneraiblities and RCE we found in Google's Quick Share! https:// defcon.org/html/defcon-32 /dc-32-speakers.html#54485 …
Windows Storage Elevation of Privilege VulnerabilityWindows Storage Elevation...
Windows Storage Elevation of Privilege Vulnerability
June 2024 Threat Advisory – Top 5
Successful exploitation of these vulnerabilities could result in Remote Code Execution, Elevation of Privilege, Information Disclosure and Denial of Service. Microsoft has released its Patch Tuesday for June 2024 with security updates for forty-nine flaws with 18 Remote Code Execution Vulnerabilities.
Microsoft’s Security Update Notification in June of High-Risk Vulnerabilities in Multiple Products - Security Boulevard
Recently, NSFOCUS CERT detected that Microsoft released a security update patch for June, which fixed 49 security issues involving widely used products such as Windows, Azure, Microsoft Office and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. CVE-2024-35250: Untrusted pointer dereference vulnerability in Windows kernel mode driver; local attackers authenticated by ordinary users can exploit these vulnerabilities by running special programs to obtain SYSTEM permissions of the target system.
KLA68915
A remote code execution vulnerability in Windows Standards-Based Storage Management Service can be exploited remotely to execute arbitrary code. An elevation of privilege vulnerability in Microsoft Streaming Service can be exploited remotely to gain privileges.
See 31 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:Required
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI