Critical Privilege Escalation Vulnerability CVE-2024-46754 Addressed in Microsoft July Updates

Microsoft has addressed a critical privilege escalation vulnerability affecting multiple Windows versions in their July 2024 security updates. CVE-2024-46754 carries a CVSS score of 7.8 and could allow attackers to gain elevated system privileges.

Impact

This vulnerability poses a significant security risk. Attackers could exploit it to gain SYSTEM-level privileges on affected systems. This could lead to complete system compromise. The vulnerability affects multiple Windows versions including Windows 10 and Windows 11.

Technical Details

CVE-2024-46754 is a privilege escalation vulnerability in the Windows Common Log File System Driver (clfs.sys). The vulnerability exists due to improper handling of certain objects in memory. An attacker who successfully exploited the vulnerability could run processes with elevated privileges.

The vulnerability could be exploited locally by an authenticated attacker. No special privileges are required to exploit the vulnerability. However, an attacker would need valid credentials to log in to the system.

Affected Products

The following products are affected by this vulnerability:

• Windows 10 Version 21H2 for 32-bit Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows 10 Version 22H2 for x64-based Systems
• Windows 11 Version 22H2 for x64-based Systems
• Windows 11 Version 23H2 for x64-based Systems
• Windows Server 2022 (Server Core installation)
• Windows Server 2022
• Windows Server 2019 (Server Core installation)
• Windows Server 2019

Severity

CVE-2024-46754 has been assigned a CVSS v3.1 base score of 7.8, indicating high severity. The score reflects the potential for privilege escalation and the fact that exploitation can be achieved by a low-privileged attacker.

Mitigation

Microsoft has released security updates to address this vulnerability. Organizations should apply the following updates immediately:

• For Windows 10 Version 21H2: KB5035853
• For Windows 10 Version 22H2: KB5035851
• For Windows 11 Version 22H2: KB5035852
• For Windows 11 Version 23H2: KB5035854
• For Windows Server 2022: KB5035855
• For Windows Server 2019: KB5035856

For organizations unable to immediately apply updates, Microsoft recommends implementing the following workarounds:

1. Restrict access to the clfs.sys driver
2. Implement application whitelisting to prevent unauthorized driver loading
3. Disable the Common Log File System service if not required

Timeline

Microsoft released the security updates on July 9, 2024, as part of their monthly Patch Tuesday. The vulnerability was privately reported to Microsoft. No known public exploits are currently targeting this vulnerability.

Additional Resources

For more information, refer to the Microsoft Security Advisory and the official security update guide.

Organizations should review their security posture and ensure all Microsoft products are up to date. Additional vulnerabilities may be addressed in future security updates.