Loading...
Loading...
Browse all stories on DeepNewz
VisitCVSS 9.8 Vulnerability Bypasses Windows Driver Signature Enforcement, Allows Unsigned Kernel Drivers
Oct 28, 2024, 12:10 AM
A newly discovered vulnerability allows attackers to bypass Microsoft's Driver Signature Enforcement on fully patched Windows systems, enabling the installation of unsigned kernel drivers. This security flaw, rated CVSS 9.8, compromises the integrity of the operating system's security. The issue, first reported by multiple sources, highlights a significant risk for Windows users, as it can potentially be exploited to install kernel rootkits. This vulnerability adds to a series of recent security concerns, including a critical authentication bypass flaw in the wpDiscuz plugin (CVE-2024-9488) affecting over 80,000 sites, and another critical RCE flaw in VMware vCenter (CVE-2024-38812). Additionally, a vulnerability in the Common Log File System (CLFS) driver allows a local user to gain elevated privileges on Windows 11.
View original story
Markets
No • 50%
Yes • 50%
Reports from major cybersecurity firms or news outlets documenting incidents
No • 50%
Yes • 50%
Reports from cybersecurity agencies or media outlets confirming high-profile exploitation
Yes • 50%
No • 50%
Official Microsoft Security Response Center (MSRC) announcements or patch notes
Microsoft • 25%
Other • 25%
Amazon • 25%
Google • 25%
Official statements from the companies or verified reports from cybersecurity firms
Other • 25%
CISA (Cybersecurity and Infrastructure Security Agency) • 25%
NCSC (National Cyber Security Centre) • 25%
CERT (Computer Emergency Response Team) • 25%
Public advisories or warnings from cybersecurity organizations or government agencies
CLFS driver privilege escalation • 25%
Other • 25%
wpDiscuz plugin flaw (CVE-2024-9488) • 25%
VMware vCenter RCE flaw (CVE-2024-38812) • 25%
Microsoft's official patch release notes or security bulletins