
Security researcher ‘Frost’ has released proof-of-concept exploit code for a high-severity vulnerability in the Kernel Streaming WOW Thunk Service Driver that could enable local attackers to escalate privileges to SYSTEM level by exploiting a heap-based buffer overflow.
The vulnerability, tracked as CVE-2024-38054 with a CVSS score of 7.8, stems from a boundary error within the Kernel Streaming WOW Thunk Service Driver that triggers a heap-based buffer overflow. It can be exploited to escalate privileges, potentially giving the attacker SYSTEM-level access.
Microsoft released the patch during the July 2024 Patch Tuesday with the exploitation index “Exploitation more likely”.
Frost’s GitHub repository not only contains the PoC exploit code for CVE-2024-38054 but also promises an upcoming in-depth vulnerability analysis.
With the exploit code now publicly available, organizations and individuals running vulnerable systems are at increased risk, particularly as threat actors may move quickly to weaponize the PoC in targeted attacks.
Ensuring that all systems are patched is the most effective way to mitigate the risk posed.

