AI description
CVE-2024-30088 is an elevation of privilege vulnerability in the Windows Kernel. It is a Time-Of-Check Time-Of-Use (TOCTOU) race condition, meaning that the state of a resource can change between when it is checked and when it is used, which can lead to unexpected actions. An attacker can exploit this vulnerability to run code with elevated privileges on a vulnerable system. This vulnerability has been actively exploited in the wild, including by the OilRig APT group, which is known for cyber espionage. Successful exploitation could allow an attacker to gain complete control over the affected system. It is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, which requires timely patching.
- Description: Windows Kernel Elevation of Privilege Vulnerability
- Source: secure@microsoft.com
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 7
- Impact score: 5.9
- Exploitability score: 1
- Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
- Exploit added on: Oct 15, 2024
- Exploit action due: Nov 5, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 31
#ThreatProtection Read more about Symantec Data Center Security (DCS) protection against CVE-2024-30088. https://t.co/1CTnMfBTxr #Vulnerability
@threatintel
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Iranian hacking group known as Earth Simnavaz has used sophisticated techniques to gain access to servers and networks in the UAE. The group stole data by exploiting the Exchange-related vulnerability identified as CVE-2024-30088. https://t.co/Y2P1U3eX7Y https://
@AmirHossein_sec
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
One of our current interns, @goatmilkkk, shared his Chrome-atic escape adventure using CVE-2024-30088. Epic obstacles documented in it too! https://t.co/pZH3WgQG91
@starlabs_sg
10 Jul 2025
16132 Impressions
49 Retweets
163 Likes
55 Bookmarks
2 Replies
2 Quotes
#CyberSecurity #Malware CVE-2024-30088 Under Attack: OilRig Targets Windows Kernel Vulnerability https://t.co/dGSNhbAN6U
@Komodosec
27 Dec 2024
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-30088 Under Attack: OilRig Targets Windows Kernel Vulnerability https://t.co/Y6ggZaHWlx
@Dinosn
25 Dec 2024
2249 Impressions
0 Retweets
11 Likes
7 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-53961 2 - CVE-2024-30085 3 - CVE-2024-56375 4 - CVE-2024-30088 5 - CVE-2024-56337 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Dec 2024
128 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
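The hacker group OilRig/APT34 used a Windows kernel zero-day vulnerability to attack critical infrastructure and government organizations in the UAE and other Gulf states. Reported by Picus Security. The exploited CVE-2024-30088 is a privilege escalation. The STEALHOOK backdoor was used. Plaintext passwords were extracted by dropping a DLL. Tunneling via Ngrok. https://t.co/y1XhMtalKV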
@__kokumoto
24 Dec 2024
1817 Impressions
3 Retweets
15 Likes
4 Bookmarks
1 Reply
1 Quote
OilRig (APT34) specializes in: ⚙️ Exploiting zero-days (CVE-2024-30088) 📊 Obfuscation & evasion tactics 🔑 Credential theft Learn how this advanced group operates and how to defend against them. 👉 Full analysis: https://t.co/SGHOc0W23s #CyberSecurity #APT34 #OilRig
@PicusSecurity
24 Dec 2024
2267 Impressions
14 Retweets
39 Likes
18 Bookmarks
0 Replies
0 Quotes
🔴 #Windows Kernel Elevation of Privilege Vulnerability (#CVE-2024-30088) (Critical) - Critical https://t.co/kJ0veSPjO9
@dailycve
29 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-30088
@transilienceai
25 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-30088 is getting exploited #inthewild. Find out more at https://t.co/QiT95nLyZp CVE-2021-4444 is getting exploited #inthewild. Find out more at https://t.co/uq5M6rwnfk CVE-2024-40711 is getting exploited #inthewild. Find out more at https://t.co/T1KmDbBwqH
@inthewildio
23 Oct 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OilRig cyberattacks in the Middle East: in-depth analysis. Cybersecurity, apt34, CVE-2024-30088, Earth Simnavaz, exchange, cyber warfare, malware, Middle East, oilrig, server https://t.co/caTMgyA03z https://t.co/1dmBNngLOb
@matricedigitale
22 Oct 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0F5BFA22-D18B-47A8-B26F-882E0910FE6B",
"versionEndExcluding": "10.0.14393.7070"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "1EA9F602-3E4B-4A9B-8D15-D8CA75CA859B",
"versionEndExcluding": "10.0.14393.7070"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950"
}
],
"operator": "OR"
}
]
}
]