Microsoft Confirms CVE-2024-37985 as Zero-Day Bug in Windows

Summary: Microsoft has updated its security advisory to classify CVE-2024-37985 as a zero-day vulnerability, which poses a medium-level threat to Windows systems by allowing unauthorized access to sensitive heap memory. This vulnerability could lead to significant information leakage and potential escalation of attacks despite requiring specific conditions for exploitation.

Threat Actor: Unknown
Victim: Microsoft Windows users

Key Points:

  • CVE-2024-37985 is a Windows Kernel Information Disclosure Vulnerability with a CVSS score of 5.9.
  • Attackers can exploit this vulnerability to access sensitive heap memory, potentially leading to information leakage and further attacks.
  • Microsoft has not disclosed specific details about the exploitation techniques to prevent further attacks before a patch is available.
  • This vulnerability was disclosed during Microsoft’s July 2024 Patch Tuesday, which addressed multiple vulnerabilities, including two actively exploited zero-days.

Today, Microsoft Security Response Center (MSRC) updated its security advisory to mark CVE-2024-37985, which was disclosed on 09 July 2024, as a zero-day vulnerability. This flaw has been classified as a Windows Kernel Information Disclosure Vulnerability, with a CVSS score of 5.9 (Medium), indicating a notable threat to system security.

The vulnerability stems from a weakness in the Windows kernel, the core part of the Windows operating system responsible for managing system resources and hardware interactions. According to Microsoft, attackers who successfully exploit this vulnerability could access heap memory from a privileged process running on a vulnerable server.

Heap memory is dynamically allocated during the execution of processes. This memory may contain sensitive data, including system information or personal data being processed by critical applications. The ability to access heap memory without authorization can lead to severe information leakage, providing attackers with a foothold to further escalate attacks or compromise sensitive data.

Microsoft has confirmed that exploitation is not trivial: attackers must take additional preparatory actions in the target environment to successfully exploit the flaw. However, once these preconditions are met, the vulnerability opens the door to unauthorized data access.

Despite its public disclosure, Microsoft has withheld specific details about the nature of the attack vectors and techniques used to exploit CVE-2024-37985. This is a common practice when dealing with zero-day vulnerabilities to prevent further exploitation before a broad patch can be deployed.

While this vulnerability has not been classified as “critical,” the information disclosure risk posed by unauthorized access to heap memory should not be underestimated. Malicious actors can leverage such vulnerabilities to gain insight into the internal workings of privileged processes, potentially leading to more severe attacks like privilege escalation or remote code execution down the line.

The disclosure of CVE-2024-37985 came as part of Microsoft’s July 2024 Patch Tuesday security update, which included fixes for 142 vulnerabilities. Among these were two actively exploited zero-day vulnerabilities:

  • CVE-2024-38080 – Windows Hyper-V Elevation of Privilege Vulnerability
  • CVE-2024-38112 – Windows MSHTML Platform Spoofing Vulnerability

Additionally, two publicly disclosed zero-day vulnerabilities were addressed:

  • CVE-2024-35264 – .NET and Visual Studio Remote Code Execution Vulnerability
  • CVE-2024-37985 – Windows Kernel Information Disclosure Vulnerability

Source: https://securityonline.info/microsoft-confirms-cve-2024-37985-as-zero-day-bug-in-windows