CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-49114

Medium Severity
Microsoft
SVRS
30/100
CVSSv3
7.8/10
EPSS
0.00396/1

CVE-2024-49114: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. This vulnerability allows an attacker to gain elevated privileges on a system running an affected version of Windows. The Cloud Files Mini Filter Driver is improperly secured, which can lead to privilege escalation if exploited.

While the CVSS score is 7.8 (High), the SOCRadar Vulnerability Risk Score (SVRS) is 30. Although not critical based on the SVRS, organizations should still apply the patch. Successful exploitation could allow an attacker to perform unauthorized actions with system-level access. This CVE is significant because it impacts a core component of the Windows operating system. Apply the patch to prevent possible exploits.

TAGS
In The Wild
Vendor-advisory
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:L
UI:N
S:U
C:H
I:H
A:H
E:U
RL:O
RC:C
PUBLICATION DATE2025-03-11
LAST MODIFIED2024-12-10

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

The Windows Registry Adventure #6: Kernel-mode objects
[email protected] (Google Project Zero)2025-04-16
The Windows Registry Adventure #6: Kernel-mode objects | Posted by Mateusz Jurczyk, Google Project Zero Welcome back to the Windows Registry Adventure! In the previous installment<
blogspot.com
rss
forum
news
The December 2024 Security Update Review
Dustin Childs2025-02-01
The December 2024 Security Update Review | We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for December 2024</strong
zerodayinitiative.com
rss
forum
news
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
Cisco Talos2024-12-10
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities | The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as &#x201c;critical.&#x201d; The remaining vulnerabilities listed are classified as &#x201c;important.&#x201d;&#xa0;Microsoft assessed that exploitation of the four &#x201c;
feedburner.com
rss
forum
news
Patch Tuesday - December 2024
Adam Barnett2024-12-10
Patch Tuesday - December 2024 | 1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row
rapid7.com
rss
forum
news
1.787
2024-12-10
1.787 | Newly Added (137)Zoom Desktop Client CVE-2022-28755 Input Validation Bypass VulnerabilityIrfanView CVE-2024-11529 Out of Bounds Read VulnerabilityIrfanView CVE-2024-11513 Buffer Overflow VulnerabilityIrfanView CVE-2024
fortiguard.com
rss
forum
news
CVE-2024-49114 | Microsoft Windows up to Server 2025 Cloud Files Mini Filter Driver missing synchronization
vuldb.com2024-12-10
CVE-2024-49114 | Microsoft Windows up to Server 2025 Cloud Files Mini Filter Driver missing synchronization | A vulnerability was found in Microsoft Windows. It has been classified as critical. This affects an unknown part of the component Cloud Files Mini Filter Driver. The manipulation leads to missing synchronization. This vulnerability is uniquely identified as CVE-2024-49114. It is possible to launch the attack
vuldb.com
rss
forum
news
Microsoft Patch Tuesday December 2024 – 71 Vulnerabilities Fixed, Including 30 RCEs
Balaji N2024-12-10
Microsoft Patch Tuesday December 2024 – 71 Vulnerabilities Fixed, Including 30 RCEs | Microsoft released a security as part of the December Patch Tuesday that addressed 72 vulnerabilities, including 30 classified as critical Remote Code Execution (RCE) vulnerabilities and 14 RCEs are These fixes are crucial for securing Windows operating systems and related software against potential exploitation. Key Highlights of December 2024 Patch Tuesday Updates: A recent security [&#8230;] The post Microsoft Patch Tuesday December 2024 &#8211; 71 Vulnerabilities Fixed, Including 30 RCEs<
cybersecuritynews.com
rss
forum
news

Social Media

🚨CVE-2024-49114 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. 🔴CVSS 7.8 HIGH #infosec #windows #patchtuesday
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSMicrosoftwindows_10_1809
OSMicrosoftwindows_11_22h2
OSMicrosoftwindows_10_22h2
OSMicrosoftwindows_10_21h2
OSMicrosoftwindows_server_2022
OSMicrosoftwindows_server_2019
OSMicrosoftwindows_server_2022_23h2
OSMicrosoftwindows_11_24h2

References

ReferenceLink
[email protected]https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114
WINDOWS CLOUD FILES MINI FILTER DRIVER ELEVATION OF PRIVILEGE VULNERABILITYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114
WINDOWS CLOUD FILES MINI FILTER DRIVER ELEVATION OF PRIVILEGE VULNERABILITYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114

CWE Details

CWE IDCWE NameDescription
CWE-820Missing SynchronizationThe software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence