CVE-2024-35253

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Jun 11, 2024

010
CVSS 4.4EPSS 0.05%Medium
CVE info copied to clipboard

Summary

This vulnerability in Microsoft Azure File Sync could allow an authenticated attacker to elevate privileges on the system. The attacker would need to run a specially crafted application to exploit this vulnerability. While no sensitive information disclosure is involved, an attacker could potentially gain elevated (SYSTEM) privileges on the affected system. This is an Elevation of Privilege vulnerability with a CVSS base score of 4.4, indicating moderate severity. The vulnerability requires local access, high attack complexity, low privileges, and user interaction.

Impact

A successful exploitation could allow an attacker to install programs, view or change data, and create new accounts with full user rights on the vulnerable system. This could lead to further compromise of the affected system and potential lateral movement across the network. The vulnerability primarily affects the integrity of the system, with a high integrity impact, while confidentiality and availability are not directly impacted.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

Microsoft has released a patched version of Azure File Sync to address this vulnerability. Organizations should apply the latest security updates from Microsoft as soon as possible. The vulnerability affects Azure File Sync versions 16.0.0.0 up to (but not including) 17.3.0.0, as well as version 18.0.0.0. It's crucial to update to the latest patched version to mitigate this vulnerability.

Mitigation

As a workaround until the patch can be applied, restrict access to the vulnerable Azure File Sync service to only trusted users and networks. Enable additional logging and monitoring for any suspicious activities related to privilege escalation attempts. Given that the vulnerability requires local access and user interaction, implementing strong access controls and user education can help mitigate the risk. Additionally, following the principle of least privilege for user accounts can limit the potential impact of successful exploitation.

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 4.4 has been assigned.

Jun 11, 2024 at 5:05 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-35253. See article

Jun 11, 2024 at 5:10 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jun 11, 2024 at 5:10 PM
CVE Assignment

NVD published the first details for CVE-2024-35253

Jun 11, 2024 at 5:16 PM
Trending

This CVE started to trend in security discussions

Jun 11, 2024 at 6:18 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 8.9%)

Jun 12, 2024 at 1:34 PM
Trending

This CVE stopped trending in security discussions

Jun 12, 2024 at 9:20 PM
Trending

This CVE started to trend in security discussions

Jun 13, 2024 at 2:41 PM
Trending

This CVE stopped trending in security discussions

Jun 13, 2024 at 4:53 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/azure_file_sync
+null more

Patches

Microsoft
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

References

June 2024 Security Updates
June 2024 Security Updates
Microsoft Azure File Sync Elevation of Privilege Vulnerability
According to the CVSS metric, privileges required is low (PR:L). The successful exploitation of this vulnerability requires a user with administrator privileges to perform specific operations on the endpoint targeted by the attacker.

News

June 2024 Threat Advisory – Top 5
Successful exploitation of these vulnerabilities could result in Remote Code Execution, Elevation of Privilege, Information Disclosure and Denial of Service. Microsoft has released its Patch Tuesday for June 2024 with security updates for forty-nine flaws with 18 Remote Code Execution Vulnerabilities.
Microsoft’s Security Update Notification in June of High-Risk Vulnerabilities in Multiple Products - Security Boulevard
Recently, NSFOCUS CERT detected that Microsoft released a security update patch for June, which fixed 49 security issues involving widely used products such as Windows, Azure, Microsoft Office and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. CVE-2024-35250: Untrusted pointer dereference vulnerability in Windows kernel mode driver; local attackers authenticated by ordinary users can exploit these vulnerabilities by running special programs to obtain SYSTEM permissions of the target system.
KLA68916
An elevation of privilege vulnerability in Microsoft Azure File Sync can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Azure Identity Libraries and Microsoft Authentication Library can be exploited remotely to gain privileges.
CNNVD | 关于微软多个安全漏洞的通报
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞49个,影响到微软产品的其他厂商漏洞2个。包括Microso
CNNVD | 关于微软多个安全漏洞的通报
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞49个,影响到微软产品的其他厂商漏洞2个。包括Microso
See 33 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:High
Privileges Required:Low
User Interaction:Required
Scope:Unchanged
Confidentiality:None
Integrity:High
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI