module

Windows Access Mode Mismatch LPE in ks.sys

Disclosed	Created
Jun 11, 2024	Dec 4, 2024

Disclosed

Jun 11, 2024

Created

Dec 4, 2024

Description

The ks.sys driver on Windows is one of the core components of Kernel Streaming and is installed by default.
There exists a LPE in this driver which can be exploited on many recent versions of Windows 10,
Windows 11, Windows Server 2022.

Authors

AngelBoy
varwara
jheysel-r7

Platform

Windows

Architectures

x64

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/local/cve_2024_35250_ks_driver
    msf exploit(cve_2024_35250_ks_driver) > show targets
        ...targets...
    msf exploit(cve_2024_35250_ks_driver) > set TARGET < target-id >
    msf exploit(cve_2024_35250_ks_driver) > show options
        ...show and set options...
    msf exploit(cve_2024_35250_ks_driver) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today