AI description
CVE-2024-30085 is an elevation of privilege vulnerability found within the Windows Cloud Files Mini Filter Driver (cldflt.sys), a kernel-level component responsible for managing cloud file synchronization operations in Windows, particularly for services like OneDrive. The flaw is a heap-based buffer overflow (CWE-122) that occurs because the driver improperly validates the size of user-supplied data before copying it into a fixed-size buffer when processing reparse points. This vulnerability allows a local attacker with low-level privileges to exploit the system. By crafting a malicious application or script that interacts with the cldflt.sys driver, an attacker can trigger the buffer overflow, corrupting kernel heap memory. Successful exploitation can lead to privilege escalation, granting the attacker SYSTEM-level access and potentially full control over the affected machine.
- Description
- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Modified
- Products
- windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_11_23h2, windows_server_2019, windows_server_2022, windows_server_2022_23h2
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-122
- nvd@nist.gov
- NVD-CWE-noinfo
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
13
#reversing #Kernel_Security #Sec_code_review Exploiting Reversing (ER) series: Part 6 - A Deep Dive Into Exploiting a Minifilter Driver (n-day) https://t.co/cozQXZnY1Q Part 7 - Exploitation Techniques: CVE-2024-30085 (part 1) https://t.co/QHyAmPo72f Part 8 - Exploitation
@ksg93rd
29 Apr 2026
119 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03) https://t.co/4BeQv1KZmn
@Dinosn
29 Apr 2026
905 Impressions
2 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 #CVE-2024-30085: From Regular User to SYSTEM – Mastering Dual Kernel Heap Overflow Exploits (106-Page Deep Dive) + Video https://t.co/T0vNeHLFIa Educational Purposes!
@UndercodeUpdate
28 Apr 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03) Today I am releasing the nineth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a htt
@ale_sp_brazil
28 Apr 2026
6913 Impressions
41 Retweets
151 Likes
64 Bookmarks
4 Replies
0 Quotes
Últimas noticias sobre #Hacking: En las últimas 24 horas, expertos revelan técnicas avanzadas para explotar CVE-2024-30085, analizan una vulnerabilidad crítica en drivers Minifilter, y alertan sobre fallas críticas en PHP Composer que permiten ejec... 👉 https://t.co/ZNhh
@JaimeARestrepo_
15 Apr 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📄 New research released for CVE-2024-30085 showing dual I/O Ring-based exploit chains that combine WNF OOB, Pipe Attribute spray and kernel buffer corruption to achieve reliable local privilege escalation from regular user to SYSTEM, including arbitrary kernel read/write
@VivekIntel
1 Apr 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting Reversing (ER) series: article 08 | Exploitation Techniques: CVE-2024-30085 (part 02) https://t.co/FB2BYdl40y
@Dinosn
1 Apr 2026
1348 Impressions
1 Retweet
8 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨 Mastering the I/O Ring: A Deep Dive into #CVE-2024-30085 Exploitation Techniques + Video https://t.co/AHK9O7tUkU Educational Purposes!
@UndercodeUpdate
31 Mar 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The eighth article of the Exploiting Reversing Series (ERS) is now live. Titled “Exploitation Techniques | CVE-2024-30085 (Part 02)” this 91-page technical guide offers a comprehensive roadmap for vulnerability exploitation: https://t.co/VivMePRhHd Key features of this edit
@ale_sp_brazil
31 Mar 2026
4171 Impressions
30 Retweets
100 Likes
50 Bookmarks
5 Replies
1 Quote
🚨 #CVE-2024-30085 Exposed: Two Full Exploit Chains for #Windows Kernel Privilege Escalation + Video https://t.co/raSR8S6YQI Educational Purposes!
@UndercodeUpdate
4 Mar 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting Reversing (ER) series: article 07 | Exploitation Techniques: CVE-2024-30085 (part 01) https://t.co/Afe3bAHkb1
@Dinosn
4 Mar 2026
1240 Impressions
3 Retweets
10 Likes
10 Bookmarks
0 Replies
0 Quotes
I am excited to release the seventh article in the Exploiting Reversing Series (ERS). Titled “Exploitation Techniques | CVE-2024-30085 (part 01)” this 119-page technical guide offers a comprehensive roadmap for vulnerability exploitation: https://t.co/G5HZvkeUze Key feature
@ale_sp_brazil
4 Mar 2026
19945 Impressions
71 Retweets
241 Likes
186 Bookmarks
4 Replies
2 Quotes
💻I have achieved NT AUTHORITY\SYSTEM privileges on a Windows 10 version 21H2 19044.1288, CVE-2024-30085, the key to success (local_exploit_suggester and Migrate) #hacking #Ciberseguridad #Pentesting #EthicalHacking 💻🤖🔥 https://t.co/qGvK08jKsu
@Hack32_
11 Jul 2025
252 Impressions
0 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2024-30085: Windows Cloud Files Mini Filter Driver Elevation of Privilege https://t.co/DnbXYTFBSp Hello. I'm OUYA77. The vulnerability I've brought today is CVE 2024-30085, which allows for Elevation of Privilege (EoP) in the Cloud Files Mini Filter Driver that
@hackyboiz
11 Jan 2025
2556 Impressions
21 Retweets
54 Likes
15 Bookmarks
1 Reply
0 Quotes
Windows の特権昇格の脆弱性 CVE-2024-30085:PoC エクスプロイトが公開 https://t.co/AUVHXciaBI この脆弱性 CVE-2024-30085 ですが、文中にあるように、2024年6月の Patch Tuesday で修正されています。それに先立つ5月に、TyphoonPWN で取り上げられたのでしょう。CVSS 値としては、Microsoft が… https://t.co/pGm0bx4DjB
@iototsecnews
6 Jan 2025
75 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-30085: PoC Exploit Released for Windows Elevation of Privilege Vulnerability https://t.co/uZWnHZzcxE
@s0dery
2 Jan 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Windows'ta saldırganların sistem ayrıcalıklarına (privilege escalation) yükseltmesine olanak tanıyan yeni 0day açığı (CVE-2024-30085) keşfedildi. Windows Kullanıcıları Dikkat! ⚠️ Windows Cloud Files Mini Filter Driver'daki kritik bir güvenlik açığı (CVE-2024-30085),… https://t.
@AydemirSerhat
2 Jan 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Exploit code released for Microsoft CVE-2024-30085 #Microsoft #CVE-2024-30085 #ExploitCode https://t.co/ag0yLp2Thp
@pravin_karthik
28 Dec 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-30085 Heap-based buffer overflow vulnerability affecting the Windows Cloud Files Mini Filter Driver cldflt.sys. By crafting a custom reparse point, it is possible to trigger the buffer overflow to corrupt an adjacent _WNF_STATE_DATA object. The corrupted… https://t.co/
@7h3h4ckv157
27 Dec 2024
1452 Impressions
5 Retweets
20 Likes
4 Bookmarks
2 Replies
0 Quotes
#exploit 1. A Practical Guide to PrintNightmare in 2024 (updated Oct 5) https://t.co/HsGqqx3KCB ]-> PnP bypass 2. CVE-2024-12209: WP Umbrella Unauthenticated LFI https://t.co/pM3EvOiZWC 3. CVE-2024-30085: Windows 11 23H2 EoP https://t.co/yltdUnMYnQ
@ksg93rd
26 Dec 2024
1587 Impressions
6 Retweets
36 Likes
14 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-53961 2 - CVE-2024-9474 3 - CVE-2024-30085 4 - CVE-2024-45387 5 - CVE-2024-12744 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
26 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #Windows PoC Exploit Released for CVE-2024-30085: Windows Elevation of Privilege Vulnerability https://t.co/XSShT2cc8x
@Komodosec
25 Dec 2024
81 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2024-30085: PoC Exploit Released for Windows Elevation of Privilege Vulnerability https://t.co/LPlhpgMrse
@freedomhack101
25 Dec 2024
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-53961 2 - CVE-2024-30085 3 - CVE-2024-56375 4 - CVE-2024-30088 5 - CVE-2024-56337 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Dec 2024
128 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical Windows vulnerability (CVE-2024-30085) allows local attackers to escalate privileges to SYSTEM level, risking user security. Rated 7.8 on CVSS. 🛡️ #WindowsVulnerability #PrivilegeEscalation #USCybersecurity #CybersecurityNews link: https://t.co/c3eh1j4efL https://t.c
@TweetThreatNews
24 Dec 2024
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
『By forging a PipeAttribute object in userspace, we are able to leak the token address and override privileges to escalate privileges to NT AUTHORITY\SYSTEM.』 All I Want for Christmas is a CVE-2024-30085 Exploit https://t.co/UN2j1uXqd3
@autumn_good_35
24 Dec 2024
831 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
1 Quote
🎄 All I Want for Christmas is a CVE-2024-30085 Exploit 🎄 As always, we at @starlabs_sg are sharing what we learnt. This time, it's brought to you by Cherie-Anne Lee https://t.co/NHVNlLpwzU
@starlabs_sg
24 Dec 2024
8777 Impressions
40 Retweets
130 Likes
43 Bookmarks
0 Replies
3 Quotes
𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝟏𝟏 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐇𝐨𝐥𝐞 𝐎𝐩𝐞𝐧𝐬 𝐃𝐨𝐨𝐫 𝐟𝐨𝐫 𝐇𝐚𝐜𝐤𝐞𝐫𝐬 Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2) identified as CVE-2024-30085. This flaw allows local attackers to escalate privileges to…
@TechBuzzRecap
24 Dec 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-30085はWindowsのCloud Files Mini Filter Driverに存在する特権昇格の脆弱性。攻撃者はこの脆弱性を利用してSYSTEM権限を取得可能。問題の原因はユーザー提供データの長さを適切に検証せず、固定長のバッファにコピーする設計ミス。2024年6月のパッチで修正済み https://t.co/CCC1NqHLdu
@01ra66it
24 Dec 2024
276 Impressions
0 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
PoC Exploit Released for CVE-2024-30085: Windows Elevation of Privilege Vulnerability https://t.co/atlD3UUkYm
@Dinosn
24 Dec 2024
10551 Impressions
61 Retweets
206 Likes
84 Bookmarks
1 Reply
0 Quotes
PoC Exploit Released for CVE-2024-30085: Windows Elevation of Privilege Vulnerability Researcher published the technical details and a #PoC exploit code for CVE-2024-30085 - #Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw https://t.co/tILKygNQ6w
@the_yellow_fall
24 Dec 2024
4574 Impressions
22 Retweets
107 Likes
46 Bookmarks
0 Replies
1 Quote
Windows 11の権限昇格脆弱性CVE-2024-30085の解説。Cloud Files Mini Filter Driver (cldflt.sys)におけるユーザー入力データの検証不備により、メモリ破壊からSYSTEM権限が取得可能。 https://t.co/qfpYY96uBI
@__kokumoto
22 Dec 2024
2385 Impressions
5 Retweets
35 Likes
18 Bookmarks
0 Replies
0 Quotes
به تازگی آسیب پذیری جدیدی با کد شناسایی CVE-2024-30085 و از نوع local privilege escalation برای Windows 11 نسخه 23H2 منتشر شده است. این آسیب پذیری مربوط به درایوری با نام cldflt.sys می باشد که به هکرها امکان ارتقای سطح دسترسی به یوزر System را می دهد. https://t.co/Poz3aKYxT1 htt
@AmirHossein_sec
21 Dec 2024
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical Windows 11 Vulnerability CVE-2024-30085: Exploitation and Protection https://t.co/lqekcSeruc
@windowsforum
20 Dec 2024
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]