CVE-2024-21302 — Improper Access Control in Microsoft Windows 10 Version 1507

CWE-284 — Improper Access Control8 documents6 sources

Severity

6.7MEDIUMNVD

EPSS

1.1%

top 21.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +20 more

Timeline

PublishedAug 8

Latest updateAug 13

Description

Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerability. An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enab…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages23 packages

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.8246

▶CVEListV5microsoft/windows_10_version_150710.0.10240.0 — 10.0.10240.21073

▶CVEListV5microsoft/windows_10_version_160710.0.14393.0 — 10.0.14393.8246

▶CVEListV5microsoft/windows_10_version_180910.0.17763.0 — 10.0.17763.7558

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.7558

Patches

Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9jp7-3q3j-jx4g: Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security↗2024-08-08

▶

CVEList

Windows Secure Kernel Mode Elevation of Privilege Vulnerability↗2024-08-08

▶

📋Vendor Advisories

Microsoft

Windows Secure Kernel Mode Elevation of Privilege Vulnerability↗2024-08-13

▶

🕵️Threat Intelligence

Qualys

Windows CVE-2024-21302 Secure Kernel Mode Vulnerability | Qualys↗2024-08-13

▶

Talos

Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed↗2024-08-13

▶

Talos

Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed↗2024-08-13

▶