module

Windows Access Mode Mismatch LPE in ks.sys

Disclosed	Created
Jun 11, 2024	Dec 4, 2024

Disclosed

Jun 11, 2024

Created

Dec 4, 2024

Description

The ks.sys driver on Windows is one of the core components of Kernel Streaming and is installed by default.
There exists a LPE in this driver which can be exploited on many recent versions of Windows 10,
Windows 11, Windows Server 2022.

Authors

AngelBoy
varwara
jheysel-r7

Platform

Windows

Architectures

x64

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/local/cve_2024_35250_ks_driver
    msf exploit(cve_2024_35250_ks_driver) > show targets
        ...targets...
    msf exploit(cve_2024_35250_ks_driver) > set TARGET < target-id >
    msf exploit(cve_2024_35250_ks_driver) > show options
        ...show and set options...
    msf exploit(cve_2024_35250_ks_driver) > exploit

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report