CVE-2024-26245: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1507
Windows SMB Elevation of Privilege Vulnerability
AI Analysis
Technical Summary
CVE-2024-26245 is a high-severity vulnerability identified in Microsoft Windows 10 Version 1507 (build 10.0.10240.0), specifically involving an out-of-bounds read (CWE-125) within the Server Message Block (SMB) protocol implementation. This vulnerability allows an attacker with limited privileges (low-level privileges) and local access to the system to exploit the flaw without requiring user interaction. The vulnerability arises due to improper bounds checking in SMB processing code, which can lead to reading memory outside the intended buffer boundaries. This out-of-bounds read can result in elevation of privilege by leaking sensitive information or corrupting memory, potentially allowing the attacker to execute arbitrary code with elevated privileges. The CVSS v3.1 base score of 7.8 reflects the high impact on confidentiality, integrity, and availability, with the attack vector being local (AV:L), low attack complexity (AC:L), and requiring privileges (PR:L) but no user interaction (UI:N). The vulnerability scope is unchanged (S:U), meaning the exploit affects only the vulnerable component without impacting other system components. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a significant risk for affected systems, especially since Windows 10 Version 1507 is an early release and may still be in use in legacy or specialized environments. No official patches or mitigations have been linked yet, indicating that affected organizations must prioritize risk assessment and interim protective measures.
Potential Impact
For European organizations, the impact of CVE-2024-26245 is considerable, particularly for those still operating legacy Windows 10 Version 1507 systems. The vulnerability can lead to unauthorized privilege escalation, enabling attackers to gain higher-level access and potentially compromise sensitive data, disrupt services, or deploy further malware. This is especially critical in sectors with stringent data protection requirements such as finance, healthcare, and government institutions. The SMB protocol is widely used for file sharing and network communications, so exploitation could facilitate lateral movement within corporate networks, increasing the risk of widespread compromise. Given the vulnerability requires local access and low privileges, insider threats or attackers who have gained initial footholds could leverage this flaw to escalate privileges rapidly. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as proof-of-concept exploits could emerge. Organizations relying on legacy Windows 10 versions may face compliance challenges under GDPR and other regulations if breaches occur due to unpatched vulnerabilities.
Mitigation Recommendations
1. Immediate inventory and identification of all systems running Windows 10 Version 1507 (build 10.0.10240.0) to assess exposure. 2. Where possible, upgrade affected systems to a supported and fully patched version of Windows 10 or later, as this version is outdated and no longer supported with security updates. 3. Implement strict access controls to limit local access to systems, including enforcing least privilege principles and restricting administrative rights. 4. Employ network segmentation to isolate legacy systems and limit SMB traffic to only trusted devices and networks, reducing the attack surface. 5. Monitor local system logs and SMB-related events for unusual activity that could indicate exploitation attempts. 6. Use endpoint detection and response (EDR) tools capable of detecting anomalous privilege escalation behaviors. 7. Until patches are available, consider disabling SMBv1 or restricting SMB protocol usage if legacy applications allow, as SMBv1 is often associated with vulnerabilities and legacy versions. 8. Educate internal users about the risks of local privilege escalation and enforce strong physical security controls to prevent unauthorized local access. 9. Stay informed on Microsoft advisories for any forthcoming patches or mitigations related to this CVE.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands, Belgium, Sweden, Austria
CVE-2024-26245: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1507
Description
Windows SMB Elevation of Privilege Vulnerability
AI-Powered Analysis
Technical Analysis
CVE-2024-26245 is a high-severity vulnerability identified in Microsoft Windows 10 Version 1507 (build 10.0.10240.0), specifically involving an out-of-bounds read (CWE-125) within the Server Message Block (SMB) protocol implementation. This vulnerability allows an attacker with limited privileges (low-level privileges) and local access to the system to exploit the flaw without requiring user interaction. The vulnerability arises due to improper bounds checking in SMB processing code, which can lead to reading memory outside the intended buffer boundaries. This out-of-bounds read can result in elevation of privilege by leaking sensitive information or corrupting memory, potentially allowing the attacker to execute arbitrary code with elevated privileges. The CVSS v3.1 base score of 7.8 reflects the high impact on confidentiality, integrity, and availability, with the attack vector being local (AV:L), low attack complexity (AC:L), and requiring privileges (PR:L) but no user interaction (UI:N). The vulnerability scope is unchanged (S:U), meaning the exploit affects only the vulnerable component without impacting other system components. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a significant risk for affected systems, especially since Windows 10 Version 1507 is an early release and may still be in use in legacy or specialized environments. No official patches or mitigations have been linked yet, indicating that affected organizations must prioritize risk assessment and interim protective measures.
Potential Impact
For European organizations, the impact of CVE-2024-26245 is considerable, particularly for those still operating legacy Windows 10 Version 1507 systems. The vulnerability can lead to unauthorized privilege escalation, enabling attackers to gain higher-level access and potentially compromise sensitive data, disrupt services, or deploy further malware. This is especially critical in sectors with stringent data protection requirements such as finance, healthcare, and government institutions. The SMB protocol is widely used for file sharing and network communications, so exploitation could facilitate lateral movement within corporate networks, increasing the risk of widespread compromise. Given the vulnerability requires local access and low privileges, insider threats or attackers who have gained initial footholds could leverage this flaw to escalate privileges rapidly. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as proof-of-concept exploits could emerge. Organizations relying on legacy Windows 10 versions may face compliance challenges under GDPR and other regulations if breaches occur due to unpatched vulnerabilities.
Mitigation Recommendations
1. Immediate inventory and identification of all systems running Windows 10 Version 1507 (build 10.0.10240.0) to assess exposure. 2. Where possible, upgrade affected systems to a supported and fully patched version of Windows 10 or later, as this version is outdated and no longer supported with security updates. 3. Implement strict access controls to limit local access to systems, including enforcing least privilege principles and restricting administrative rights. 4. Employ network segmentation to isolate legacy systems and limit SMB traffic to only trusted devices and networks, reducing the attack surface. 5. Monitor local system logs and SMB-related events for unusual activity that could indicate exploitation attempts. 6. Use endpoint detection and response (EDR) tools capable of detecting anomalous privilege escalation behaviors. 7. Until patches are available, consider disabling SMBv1 or restricting SMB protocol usage if legacy applications allow, as SMBv1 is often associated with vulnerabilities and legacy versions. 8. Educate internal users about the risks of local privilege escalation and enforce strong physical security controls to prevent unauthorized local access. 9. Stay informed on Microsoft advisories for any forthcoming patches or mitigations related to this CVE.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- microsoft
- Date Reserved
- 2024-02-15T00:57:49.360Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9836c4522896dcbeb1c6
Added to database: 5/21/2025, 9:09:10 AM
Last enriched: 6/26/2025, 5:44:14 AM
Last updated: 7/21/2025, 4:20:23 PM
Views: 5
Related Threats
CVE-2025-26397: CWE-502 Deserialization of Untrusted Data in SolarWinds SolarWinds Observability Self-Hosted
HighCVE-2025-8009: CWE-36 Absolute Path Traversal in cleverplugins Security Ninja – WordPress Security Plugin & Firewall
MediumCVE-2025-8107: CWE-668 Exposure of Resource to Wrong Sphere in OB OceanBase Server
MediumCVE-2025-7745: CWE-126: Buffer Over-read in ABB AC500 V2
MediumCVE-2025-41240: Vulnerability in VMware bitnamicharts/appsmith
CriticalActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.