CVE-2024-35265

7.0 HIGH

📋 TL;DR

This vulnerability allows an authenticated attacker to elevate privileges on Windows systems by exploiting the Windows Perception Service. It affects Windows 10, Windows 11, and Windows Server systems with the vulnerable service enabled.

💻 Affected Systems

Products:
  • Windows 10
  • Windows 11
  • Windows Server 2019
  • Windows Server 2022
Versions: Multiple versions prior to July 2024 security updates
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Windows Perception Service to be running, which is enabled by default on affected systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains SYSTEM-level privileges, enabling complete system compromise, data theft, malware installation, and lateral movement across the network.

🟠 Likely Case

Local authenticated attackers escalate privileges to gain administrative control over the compromised system.

🟢 If Mitigated

With proper access controls and patch management, impact is limited to isolated systems with minimal data exposure.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring authenticated access to the system.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access and specific conditions to trigger the privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2024 security updates (KB5040442 for Windows 11, KB5040437 for Windows 10, etc.)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35265

Restart Required: Yes

Instructions:

1. Apply July 2024 Windows security updates via Windows Update.
2. Alternatively, download and install the specific KB patch for your Windows version.
3. Restart the system to complete installation.

🔧 Temporary Workarounds

Disable Windows Perception Service

Disables the vulnerable service to prevent exploitation

sc config "PerceptionSimulation" start= disabled
sc stop "PerceptionSimulation"

🧯 If You Can't Patch

  • Implement strict access controls and least privilege principles
  • Monitor for suspicious service manipulation and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the July 2024 security updates are installed, using Windows Update history or the systeminfo command.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB5040442 (Windows 11) or KB5040437 (Windows 10) is installed and PerceptionSimulation service version is updated
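
An added example, not taken from the vendor advisory: a PowerShell check that reports whether either KB named above is installed and what state the service named in the workaround is in. The function name and output fields are assumptions; the KB numbers and the service name are the ones given on this page. A later cumulative update can replace these KBs in the installed list, so a missing KB on a fully updated system should be confirmed against the update history.

```powershell
# Added example; Test-PerceptionFix is a hypothetical helper name.
function Test-PerceptionFix {
    [CmdletBinding()]
    param(
        # KB numbers as listed on this page for the July 2024 updates.
        [string[]]$KbIds = @('KB5040442', 'KB5040437'),
        # Service name as used in the workaround commands on this page.
        [string]$ServiceName = 'PerceptionSimulation'
    )

    # Get-HotFix reads Win32_QuickFixEngineering; filter locally so a
    # missing KB yields an empty result instead of an error.
    $installed = @(Get-HotFix | Where-Object { $KbIds -contains $_.HotFixID })

    # Win32_Service exposes both the configured start mode and the live state.
    $svc = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OSCaption      = $os.Caption
        OSVersion      = $os.Version
        KbFound        = ($installed.HotFixID -join ', ')
        KbInstalled    = ($installed.Count -gt 0)
        ServicePresent = [bool]$svc
        ServiceStart   = if ($svc) { $svc.StartMode } else { 'n/a' }
        ServiceState   = if ($svc) { $svc.State } else { 'n/a' }
        # The workaround counts as applied only if disabled AND stopped.
        WorkaroundSet  = [bool]($svc -and $svc.StartMode -eq 'Disabled' -and
                                $svc.State -eq 'Stopped')
    }
}

Test-PerceptionFix | Format-List
```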

📡 Detection & Monitoring

Log Indicators:

  • Event ID 4688 with PerceptionSimulation service manipulation
  • Unexpected privilege escalation events in security logs

Network Indicators:

  • Unusual outbound connections from systems after local privilege escalation

SIEM Query:

EventID=4688 AND (ProcessName="PerceptionSimulation" OR CommandLine CONTAINS "PerceptionSimulation")
