CVE-2024-49114
published 2024-12-12CVE-2024-49114: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
PriorityP342high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.73%
49.3th percentile
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_21h2 | < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_22h2 | < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_11_22h2 | < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_24h2 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2019 | < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_server_2022 | < 10.0.20348.2966 | 10.0.20348.2966 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2966 | 10.0.20348.2966 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1308 | 10.0.25398.1308 |
| microsoft | windows_server_2025 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_11_version_24h2 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Project0
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption - Project Zero
project_zero·2025-05-01
CVE-2019-0881 The Windows Registry Adventure #8: Practical exploitation of hive memory corruption - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and freed memory chunks by a custom al
Project0
The Windows Registry Adventure #7: Attack surface analysis - Project Zero
project_zero·2025-05-01
CVE-2010-0237 The Windows Registry Adventure #7: Attack surface analysis - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily lengthens the total
Project0
The Windows Registry Adventure #6: Kernel-mode objects - Project Zero
project_zero·2025-04-01
CVE-2023-21748 The Windows Registry Adventure #6: Kernel-mode objects - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole othe
GHSA
GHSA-396q-83g8-947v: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
ghsa_unreviewed·2024-12-12
CVE-2024-49114 [HIGH] CWE-820 GHSA-396q-83g8-947v: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
vendor_msrc·2024-12-10·CVSS 7.8
CVE-2024-49114 [HIGH] CWE-820 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Cloud Files Mini Filter Driver: Windows Cloud Files Mini Filter Driver
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048661
Reference: https://support.microsoft.com/help/5048661
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048654
Reference: https://support.microsoft.com/hel
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
blogs_talos·2024-12-10·CVSS 8.4
CVE-2024-49112 [HIGH] Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.”
CVE-2024-49112 is the most serious of this bunch, with a CVSS severity score of 9.8 out of 10. An attacker could exploit this vulnerability in Windows Lightweight Directory Access Protocol (LDAP) calls to execute arbitrary code within the context of the LDAP service. Additionally, CVE-2024-49124 and CVE-2024-49127 permit an unauthenticated attacker to send a specially crafted request to a vulnerable LDAP server, potentially executing the attacker's code if they succeed in a "race condition." Although the above
Qualys
Microsoft and Adobe Patch Tuesday, December 2024 Security Update Review
blogs_qualys·2024-12-10
Microsoft and Adobe Patch Tuesday, December 2024 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for December 2024
Adobe Patches for December 2024
Zero-day Vulnerabilities Patched in December Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in December Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
Qualys Monthly Webinar Series
Closing out 2024, Microsoft’s December Patch Tuesday highlights the importance of year-end maintenance with updates tackling critical vulnerabilities. As cyber threats remain persistent, these patches serve as a vital reminder of the ongoing need for
Talos
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
blogs_talos·2024-12-10·CVSS 8.4
CVE-2024-49112 [HIGH] Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
## Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.”
CVE-2024-49112 is the most serious of this bunch, with a CVSS severity score of 9.8 out of 10. An attacker could exploit this vulnerability in Windows Lightweight Directory Access Protocol (LDAP) calls to execute arbitrary code within the context of the LDAP service. Additionally, CVE-2024-49124 and CVE-2024-49127 permit an unauthenticated attacker to send a specially crafted request to a vulnerable LDAP server, potentially exe
Bleepingcomputer
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
blogs_bleepingcomputer·2024-12-10·CVSS 7.8
[HIGH] Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
## Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
## Lawrence Abrams
27 Elevation of Privilege Vulnerabilities
30 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities
1 Spoofing Vulnerabilities
This count does not include two Edge flaws that were previously fixed on December 5 and 6th.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5048667 & KB5048685 cumulative updates and the Windows 10 KB5048652 cumulative update .
## One actively exploited zero-day disclosed
This month's Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability.
Microsoft classifies a zero-day flaw as one that is publicly
Qualys
Critical Microsoft Vulnerabilities Patched December 2024 | Qualys
blogs_qualys·2024-12-10
Critical Microsoft Vulnerabilities Patched December 2024 | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for December 2024
- Adobe Patches for December 2024
- Zero-day Vulnerabilities Patched in December Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in December Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- Qualys Monthly Webinar Series
Closing out 2024, Microsoft’s December Patch Tuesday highlights the importance of year-end maintenance with updates tackling critical vulnerabilities. As cyber threats remain persistent, these patches serve as a vital reminder of the ong
Zscaler
Zscaler protects against 3 new vulnerabilities | 12-10-2024
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler protects against 3 new vulnerabilities | 12-10-2024
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
2024-12-12
Published