CVE-2024-37985 – This Windows kernel vulnerability allows attack... (How to Fix)

Q: What is the severity of CVE-2024-37985?

CVE-2024-37985 has a CVSS score of 5.9 (MEDIUM). This Windows kernel vulnerability allows attackers to read sensitive kernel memory information. It affects Windows systems where an attacker has local access. The vulnerability could expose system information that might aid further attacks.

📋 TL;DR

This Windows kernel vulnerability allows attackers to read sensitive kernel memory information. It affects Windows systems where an attacker has local access. The vulnerability could expose system information that might aid further attacks.

💻 Affected Systems

Products:

Windows

Versions: Multiple Windows versions - check Microsoft advisory for specific affected versions

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Windows kernel components. Requires local access to exploit.

📦 What is this software?

Windows 11 22h2 by Microsoft

View all CVEs affecting Windows 11 22h2 →

Windows 11 23h2 by Microsoft

View all CVEs affecting Windows 11 23h2 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure could reveal kernel memory structures, potentially enabling privilege escalation or bypassing security mechanisms in combination with other vulnerabilities.

🟠

Likely Case

Local attackers could gather system information that helps them understand kernel layout for more sophisticated attacks.

🟢

If Mitigated

With proper access controls and least privilege principles, the impact is limited to information disclosure without direct system compromise.

🌐 Internet-Facing: LOW - This is a local information disclosure vulnerability requiring local access to exploit.

🏢 Internal Only: MEDIUM - Malicious insiders or compromised accounts with local access could exploit this to gather system intelligence.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and kernel-level exploitation knowledge. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft's monthly security updates for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37985

Restart Required: Yes

Instructions:

1. Open Windows Update settings
2. Check for updates
3. Install all available security updates
4. Restart system when prompted

🔧 Temporary Workarounds

Restrict local access

windows

Limit local user access to systems through proper access controls and least privilege principles

🧯 If You Can't Patch

Implement strict access controls to limit who has local system access
Monitor for unusual local user activity and kernel-related events

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches or use Microsoft's security update guide

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify the latest security updates are installed via Windows Update history or systeminfo command

📡 Detection & Monitoring

Log Indicators:

Unusual kernel mode driver activity
Suspicious local privilege escalation attempts

Network Indicators:

Not applicable - local vulnerability

SIEM Query:

EventID=4688 AND ProcessName contains kernel-related terms AND User NOT IN (expected_admin_users)

📊 Metadata

CVE ID: CVE-2024-37985

CVSS v3 Score: 5.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE: CWE-1037

Published: September 17, 2024

Last Updated: September 29, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37985 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-37985, you might also want to check these: