CVE-2024-30088

Published Jun 11, 2024

Last updated 5 months ago

Exploit knownCVSS high 7.0
Windows Kernel

Overview

Description
Windows Kernel Elevation of Privilege Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_11_23h2, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2

Risk scores

CVSS 3.1

Type
Secondary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Exploit added on
Oct 15, 2024
Exploit action due
Nov 5, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-367
nvd@nist.gov
CWE-367

Social media

Hype score
Not currently trending

  1. #ThreatProtection Read more about Symantec Data Center Security (DCS) protection against CVE-2024-30088. https://t.co/1CTnMfBTxr #Vulnerability

    @threatintel

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. گروه هکری ایرانی با نام Earth Simnavaz با استفاده از تکنینک های پیچیده اقدام به دسترسی به سرورها و شبکه های امارات نموده اند. این گروه هکری با اکسپلویت کردن آسیب پذیری مربوط به Exchange با کد شناسایی CVE-2024-30088 اقدام به سرقت اطلاعات نموده است. https://t.co/Y2P1U3eX7Y https://

    @AmirHossein_sec

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Dropped 2 Writeups Windows & Driver Internals → Exploitation Kernel Exploit ( CVEs + Root Cause → Exploit) • CVE-2025-62215 • CVE-2024-30088 • CVE-2024-21338 • Stack Overflow & Arbitrary Overwrite (Kernel) https://t.co/TAj4v5rG1v #ExploitDevelopment

    @0XDbgMan

    15 Feb 2026

    68 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  4. 以下の4脆弱性がランサムウェアに悪用されたことが確認された。米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログが更新。 - Windowsの権限昇格CVE-2024-49039, CVE-2024-30088 - Cy

    @__kokumoto

    29 Jan 2026

    2771 Impressions

    6 Retweets

    36 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  5. 常规的利用过程如上图,打点获得WebShell后进行内网穿透,然后用公开的CVE-2024-30088的POC进行提权: Windows内核提权漏洞(CVE-2024-30088)被伊朗黑客组织APT34利用 联系;https://t.co/Sww99mStlA https://t.co/cPn0iwMv7R

    @CoaStj376a1duz

    28 Dec 2025

    63 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Top 5 Trending CVEs: 1 - CVE-2025-33073 2 - CVE-2023-50428 3 - CVE-2024-30088 4 - CVE-2025-42957 5 - CVE-2025-54948 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Sept 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Top 5 Trending CVEs: 1 - CVE-2024-11477 2 - CVE-2025-52970 3 - CVE-2024-30088 4 - CVE-2025-24252 5 - CVE-2025-5958 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    7 Sept 2025

    250 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 2025-09-06 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― CVE-2024-30088 Pwning Windows Kernel @ Pwn2Own Vancouver 2024 (Plus Xbox) https://t.co/nr1Y9FtqX2 https://t.co/zfyBXNvr4F

    @motikan2010

    7 Sept 2025

    225 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Windows kernel exploitation (CVE-2024-30088, Pwn2Own Vancouver 2024) https://t.co/6UWvb48lbn #infosec https://t.co/4cLHBeoAf5

    @0xor0ne

    6 Sept 2025

    6341 Impressions

    40 Retweets

    166 Likes

    53 Bookmarks

    3 Replies

    0 Quotes

  10. Potential privilege escalation vulnerabilities in Windows Server 2019, CVE-2024-30088 again 💻🤖💀 #EthicalHacking #KaliLinux https://t.co/2y1AqQrVUD

    @Hack32_

    17 Jul 2025

    314 Impressions

    0 Retweets

    15 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  11. One of our current intern, @goatmilkkk shared his Chrome-atic escape adventure using CVE-2024-30088 Epic obstacles documented in it too! https://t.co/pZH3WgQG91

    @starlabs_sg

    10 Jul 2025

    16132 Impressions

    49 Retweets

    163 Likes

    55 Bookmarks

    2 Replies

    2 Quotes

  12. #CyberSecurity #Malware CVE-2024-30088 Under Attack: OilRig Targets Windows Kernel Vulnerability https://t.co/dGSNhbAN6U

    @Komodosec

    27 Dec 2024

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-30088 Under Attack: OilRig Targets Windows Kernel Vulnerability https://t.co/Y6ggZaHWlx

    @Dinosn

    25 Dec 2024

    2249 Impressions

    0 Retweets

    11 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  14. Top 5 Trending CVEs: 1 - CVE-2024-53961 2 - CVE-2024-30085 3 - CVE-2024-56375 4 - CVE-2024-30088 5 - CVE-2024-56337 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    25 Dec 2024

    128 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ハッカー集団OilRig/APT34が、Windowsカーネルのゼロデイ脆弱性を使用しUAE等湾岸諸国の重要インフラ及び政府組織を攻撃。Picus Security社報告。悪用されたCVE-2024-30088は権限昇格。STEALHOOKバックドアを使用。DLL投下で平文パスワードを抽出。Ngrokでトンネル。 https://t.co/y1XhMtalKV

    @__kokumoto

    24 Dec 2024

    1817 Impressions

    3 Retweets

    15 Likes

    4 Bookmarks

    1 Reply

    1 Quote

  16. OilRig (APT34) specializes in: ⚙️ Exploiting zero-days (CVE-2024-30088) 📊 Obfuscation & evasion tactics 🔑 Credential theft Learn how this advanced group operates and how to defend against them. 👉 Full analysis: https://t.co/SGHOc0W23s #CyberSecurity #APT34 #OilRig

    @PicusSecurity

    24 Dec 2024

    2267 Impressions

    14 Retweets

    39 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  17. 🔴 #Windows Kernel Elevation of Privilege Vulnerability (#CVE-2024-30088) (Critical) - Critical https://t.co/kJ0veSPjO9

    @dailycve

    29 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2024-30088

    @transilienceai

    25 Oct 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. CVE-2024-30088 is getting exploited #inthewild. Find out more at https://t.co/QiT95nLyZp CVE-2021-4444 is getting exploited #inthewild. Find out more at https://t.co/uq5M6rwnfk CVE-2024-40711 is getting exploited #inthewild. Find out more at https://t.co/T1KmDbBwqH

    @inthewildio

    23 Oct 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Cyberattacchi di OilRig nel Medio Oriente: analisi approfondita Sicurezza Informatica, apt34, CVE-2024-30088, Earth Simnavaz, exchange, guerra cibernetica, malware, Medio Oriente, oilrig, server https://t.co/caTMgyA03z https://t.co/1dmBNngLOb

    @matricedigitale

    22 Oct 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.CVE-2026-26111
  2. Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.CVE-2026-25190
  3. Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.CVE-2026-25189
  4. Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.CVE-2026-25188
  5. Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.CVE-2026-25187

References

Sources include official advisories and independent security research.