CVE-2024-43641: Critical vulnerability affecting Windows Server 2025, Windows 10, and Windows 11. Its severity score is high as well, at 7.8 out of 10.
This vulnerability stems from an issue in the Windows Registry, where an integer overflow could give attackers the chance to execute code with elevated privileges. The flaw impacts systems with x64 and ARM64 architectures, along with certain 32-bit systems, on Windows Server 2008 to 2025 and Windows 10 to 11.
This issue, “False File Immutability” (FFI), which was presented at BlueHat IL 2024 and REcon Montreal 2024, was discovered by researcher Gabriel Landau.
FFI occurs when code erroneously assumes that files cannot be modified by others because the file was opened without write-sharing. Attackers can still manipulate these files in some cases, causing security issues.
PoC for CVE-2024-43641: Exploitation Details
A PoC exploit was released, demonstrating a vulnerability in Windows registry hive memory management. Because of this mechanism, under specific memory conditions, registry hives can be loaded in a way that lets the same memory pages be loaded and then re-read, potentially leading to security vulnerabilities. A malicious SMB server can return different data for each request, violating some of the assumptions the code relies on.
The PoC, shared by Mateusz Jurczyk of Google Project Zero, uses a Linux-based SMB server to control the hive file.
The exploit worked on Windows 11 23H2 with the July 2024 patches.
To verify this, the analysts used a Windows 11 VM (4 GB RAM) and a Linux VM with an SMB server. Key points of exploitation include memory pressure on the system and a large (around 900 MB) hive file used to trigger issues in the registry.
The vulnerability allows attackers to corrupt memory by controlling the bin header structure in the Windows Registry. Microsoft has acknowledged this and released a fix in KB5036980 Preview, with general availability as KB5037771 for Windows 11 23H2. Testing on other platforms is still pending.
System administrators and users should install the latest security updates and stay vigilant for possible exploitation. The cybersecurity community continues to monitor for signs of active attacks.
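The check-then-re-read pattern behind False File Immutability, as an added C illustration that is not part of the original article or the published PoC. The toy page size, the one-byte length field and every name below are constructed for the sketch and do not reflect the real hive format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE 16u  /* toy page size (constructed) */
#define DST  8u   /* capacity of the buffer a caller would copy into */

/* Constructed backing store: models a file server that answers each read
   request with different content (first a small length, then a large one). */
typedef struct { int requests; } backing;
static void backing_read(backing *b, uint8_t page[PAGE]) {
    memset(page, 0x41, PAGE);
    page[0] = (b->requests++ == 0) ? 4 : 200;  /* byte 0 = payload length */
}

/* Mapped view: once the cached page is dropped (memory pressure), the next
   access re-reads it from the backing store. */
typedef struct { backing *src; uint8_t page[PAGE]; int resident; } view;
static const uint8_t *view_get(view *v) {
    if (!v->resident) { backing_read(v->src, v->page); v->resident = 1; }
    return v->page;
}
static void memory_pressure(view *v) { v->resident = 0; }

/* Flawed pattern: validate one fetch, use another. Returns the length a
   caller would then copy into a DST-byte buffer; no copy is done here. */
unsigned parse_double_fetch(view *v) {
    if (view_get(v)[0] > DST) return 0;  /* check on fetch 1 */
    memory_pressure(v);                  /* page evicted between check and use */
    return view_get(v)[0];               /* fetch 2: value was never validated */
}

/* Hardened pattern: copy once into private memory, then check and use that copy. */
unsigned parse_snapshot(view *v) {
    uint8_t snap[PAGE];
    memcpy(snap, view_get(v), PAGE);     /* single fetch */
    memory_pressure(v);                  /* later eviction no longer matters */
    return snap[0] > DST ? 0 : snap[0];
}

unsigned demo_double_fetch(void) { backing b = {0}; view v = {&b, {0}, 0}; return parse_double_fetch(&v); }
unsigned demo_snapshot(void)     { backing b = {0}; view v = {&b, {0}, 0}; return parse_snapshot(&v); }

int main(void) {
    printf("double fetch accepts length %u for a %u-byte buffer\n", demo_double_fetch(), DST);
    printf("snapshot accepts length %u\n", demo_snapshot());
    return 0;
}
```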