Description

The Microsoft Security Response Center (MSRC) has updated its advisory for CVE-2024-37985, disclosed on July 9, 2024, to classify it as a zero-day vulnerability. The flaw is a Windows Kernel Information Disclosure Vulnerability with a CVSS score of 5.9 (Medium).

The vulnerability stems from a weakness in the Windows kernel, the component that manages system resources and hardware communication. According to Microsoft, successful exploitation allows an attacker to read heap memory belonging to a privileged process running on a compromised server. That heap memory can hold sensitive information, including system details and user data from critical applications, so unauthorized access to it may lead to data leaks and give an attacker a foothold for further compromise.

Microsoft notes that exploiting this vulnerability is not straightforward and requires specific conditions in the target environment; where those prerequisites are met, however, unauthorized data access becomes possible. Microsoft has deliberately withheld details of the exploitation method to limit further risk until a comprehensive patch is available.

Although the vulnerability is not rated “critical,” unauthorized access to heap memory remains a serious risk: insight into a privileged process can be a stepping stone to more severe attacks such as privilege escalation or remote code execution.

CVE-2024-37985 was disclosed as part of Microsoft’s July 2024 Patch Tuesday update, which addressed 142 vulnerabilities, including two actively exploited zero-day vulnerabilities: CVE-2024-38080 (Windows Hyper-V Elevation of Privilege) and CVE-2024-38112 (Windows MSHTML Platform Spoofing).