CVE-2024-30088

Published Jun 11, 2024

Last updated 7 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-30088 is an elevation of privilege vulnerability in the Windows Kernel. It is a Time-Of-Check Time-Of-Use (TOCTOU) race condition, meaning that the state of a resource can change between when it is checked and when it is used, which can lead to unexpected actions. An attacker can exploit this vulnerability to run code with elevated privileges on a vulnerable system. This vulnerability has been actively exploited in the wild, including by the OilRig APT group, which is known for cyber espionage. Successful exploitation could allow an attacker to gain complete control over the affected system. It is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, which requires timely patching.

Description: Windows Kernel Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Modified
Products: windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_11_23h2, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Exploit added on: Oct 15, 2024
Exploit action due: Nov 5, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com: CWE-367
nvd@nist.gov: CWE-367

Social media

Hype score: Not currently trending

  1. #ThreatProtection Read more about Symantec Data Center Security (DCS) protection against CVE-2024-30088. https://t.co/1CTnMfBTxr #Vulnerability

    @threatintel (56 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  2. The Iranian hacking group known as Earth Simnavaz has used sophisticated techniques to gain access to servers and networks in the UAE. This hacking group stole information by exploiting the Exchange-related vulnerability identified as CVE-2024-30088. https://t.co/Y2P1U3eX7Y https://

    @AmirHossein_sec (29 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  3. Top 5 Trending CVEs: 1 - CVE-2025-33073 2 - CVE-2023-50428 3 - CVE-2024-30088 4 - CVE-2025-42957 5 - CVE-2025-54948 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield, 8 Sept 2025 (10 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  4. Top 5 Trending CVEs: 1 - CVE-2024-11477 2 - CVE-2025-52970 3 - CVE-2024-30088 4 - CVE-2025-24252 5 - CVE-2025-5958 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield, 7 Sept 2025 (250 Impressions, 0 Retweets, 3 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  5. The popular article for 2025-09-06 was this one. (Automated tweet) #Hacker_Trends --- CVE-2024-30088 Pwning Windows Kernel @ Pwn2Own Vancouver 2024 (Plus Xbox) https://t.co/nr1Y9FtqX2 https://t.co/zfyBXNvr4F

    @motikan2010, 7 Sept 2025 (225 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  6. Windows kernel exploitation (CVE-2024-30088, Pwn2Own Vancouver 2024) https://t.co/6UWvb48lbn #infosec https://t.co/4cLHBeoAf5

    @0xor0ne, 6 Sept 2025 (6341 Impressions, 40 Retweets, 166 Likes, 53 Bookmarks, 3 Replies, 0 Quotes)

  7. Potential privilege escalation vulnerabilities in Windows Server 2019, CVE-2024-30088 again 💻🤖💀 #EthicalHacking #KaliLinux https://t.co/2y1AqQrVUD

    @Hack32_, 17 Jul 2025 (314 Impressions, 0 Retweets, 15 Likes, 3 Bookmarks, 0 Replies, 0 Quotes)

  8. One of our current interns, @goatmilkkk, shared his Chrome-atic escape adventure using CVE-2024-30088. Epic obstacles documented in it too! https://t.co/pZH3WgQG91

    @starlabs_sg, 10 Jul 2025 (16132 Impressions, 49 Retweets, 163 Likes, 55 Bookmarks, 2 Replies, 2 Quotes)

  9. #CyberSecurity #Malware CVE-2024-30088 Under Attack: OilRig Targets Windows Kernel Vulnerability https://t.co/dGSNhbAN6U

    @Komodosec, 27 Dec 2024 (52 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  10. CVE-2024-30088 Under Attack: OilRig Targets Windows Kernel Vulnerability https://t.co/Y6ggZaHWlx

    @Dinosn, 25 Dec 2024 (2249 Impressions, 0 Retweets, 11 Likes, 7 Bookmarks, 0 Replies, 0 Quotes)

  11. Top 5 Trending CVEs: 1 - CVE-2024-53961 2 - CVE-2024-30085 3 - CVE-2024-56375 4 - CVE-2024-30088 5 - CVE-2024-56337 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield, 25 Dec 2024 (128 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes)

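  12. The hacker group OilRig/APT34 is using a Windows kernel zero-day vulnerability to attack critical infrastructure and government organizations in the UAE and other Gulf states. Reported by Picus Security. The exploited CVE-2024-30088 is a privilege escalation. Uses the STEALHOOK backdoor. Extracts plaintext passwords by dropping a DLL. Tunnels with Ngrok. https://t.co/y1XhMtalKV

    @__kokumoto, 24 Dec 2024 (1817 Impressions, 3 Retweets, 15 Likes, 4 Bookmarks, 1 Reply, 1 Quote)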

  13. OilRig (APT34) specializes in: ⚙️ Exploiting zero-days (CVE-2024-30088) 📊 Obfuscation & evasion tactics 🔑 Credential theft Learn how this advanced group operates and how to defend against them. 👉 Full analysis: https://t.co/SGHOc0W23s #CyberSecurity #APT34 #OilRig

    @PicusSecurity, 24 Dec 2024 (2267 Impressions, 14 Retweets, 39 Likes, 18 Bookmarks, 0 Replies, 0 Quotes)

  14. 🔴 #Windows Kernel Elevation of Privilege Vulnerability (#CVE-2024-30088) (Critical) - Critical https://t.co/kJ0veSPjO9

    @dailycve, 29 Nov 2024 (17 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  15. Actively exploited CVE : CVE-2024-30088

    @transilienceai, 25 Oct 2024 (18 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)

  16. CVE-2024-30088 is getting exploited #inthewild. Find out more at https://t.co/QiT95nLyZp CVE-2021-4444 is getting exploited #inthewild. Find out more at https://t.co/uq5M6rwnfk CVE-2024-40711 is getting exploited #inthewild. Find out more at https://t.co/T1KmDbBwqH

    @inthewildio, 23 Oct 2024 (40 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  17. OilRig cyberattacks in the Middle East: in-depth analysis. Cybersecurity, apt34, CVE-2024-30088, Earth Simnavaz, exchange, cyber warfare, malware, Middle East, oilrig, server https://t.co/caTMgyA03z https://t.co/1dmBNngLOb

    @matricedigitale, 22 Oct 2024 (32 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

Configurations