Vulnerability detail

Enriched intelligence for a single CVE

7.0

CVSS
High

CVE-2024-30088

PUBLISHED

Windows Kernel Elevation of Privilege Vulnerability

Exploited in the wild Used in malware PoC available No user interaction

Vendor: Microsoft
Product: Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)
Published: Jun 11, 2024
EPSS: —

Windows Kernel Elevation of Privilege Vulnerability

windows cisa malware microsoft nessus_scanner

CVSS v3.1 7.0 High

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Exploited in the wild

Recorded 2024-10-15 00:00:00 UTC · Source

Used in malware

Recorded 2026-06-02 14:08:22 UTC · Source

Proof of concept available

Recorded 2024-06-24 10:37:26 UTC · Source

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Oct 15, 2024

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/200352	Jun 02, 2025

These PoCs are unverified and could contain malware. Use at your own risk.

github · Created 2024-07-05 16:02:56 UTC · 37 stars

该漏洞存在于 NtQueryInformationToken 函数中，特别是在处理AuthzBasepCopyoutInternalSecurityAttributes 函数时，该漏洞源于内核在操作对象时对锁定机制的不当管理，这一失误可能导致恶意实体意外提升权限。

github · Created 2024-06-27 07:05:46 UTC · 6 stars

🆘New Windows Kernel Priviledge Escalation Vulnerability

github · Created 2024-06-24 10:37:26 UTC · 249 stars