Skip to main content

CVE-2024-26245: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1507

High
VulnerabilityCVE-2024-26245cvecve-2024-26245cwe-125
Published: Tue Apr 09 2024 (04/09/2024, 17:00:58 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1507

Description

Windows SMB Elevation of Privilege Vulnerability

AI-Powered Analysis

AILast updated: 06/26/2025, 05:44:14 UTC

Technical Analysis

CVE-2024-26245 is a high-severity vulnerability identified in Microsoft Windows 10 Version 1507 (build 10.0.10240.0), specifically involving an out-of-bounds read (CWE-125) within the Server Message Block (SMB) protocol implementation. This vulnerability allows an attacker with limited privileges (low-level privileges) and local access to the system to exploit the flaw without requiring user interaction. The vulnerability arises due to improper bounds checking in SMB processing code, which can lead to reading memory outside the intended buffer boundaries. This out-of-bounds read can result in elevation of privilege by leaking sensitive information or corrupting memory, potentially allowing the attacker to execute arbitrary code with elevated privileges. The CVSS v3.1 base score of 7.8 reflects the high impact on confidentiality, integrity, and availability, with the attack vector being local (AV:L), low attack complexity (AC:L), and requiring privileges (PR:L) but no user interaction (UI:N). The vulnerability scope is unchanged (S:U), meaning the exploit affects only the vulnerable component without impacting other system components. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a significant risk for affected systems, especially since Windows 10 Version 1507 is an early release and may still be in use in legacy or specialized environments. No official patches or mitigations have been linked yet, indicating that affected organizations must prioritize risk assessment and interim protective measures.

Potential Impact

For European organizations, the impact of CVE-2024-26245 is considerable, particularly for those still operating legacy Windows 10 Version 1507 systems. The vulnerability can lead to unauthorized privilege escalation, enabling attackers to gain higher-level access and potentially compromise sensitive data, disrupt services, or deploy further malware. This is especially critical in sectors with stringent data protection requirements such as finance, healthcare, and government institutions. The SMB protocol is widely used for file sharing and network communications, so exploitation could facilitate lateral movement within corporate networks, increasing the risk of widespread compromise. Given the vulnerability requires local access and low privileges, insider threats or attackers who have gained initial footholds could leverage this flaw to escalate privileges rapidly. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as proof-of-concept exploits could emerge. Organizations relying on legacy Windows 10 versions may face compliance challenges under GDPR and other regulations if breaches occur due to unpatched vulnerabilities.

Mitigation Recommendations

1. Immediate inventory and identification of all systems running Windows 10 Version 1507 (build 10.0.10240.0) to assess exposure. 2. Where possible, upgrade affected systems to a supported and fully patched version of Windows 10 or later, as this version is outdated and no longer supported with security updates. 3. Implement strict access controls to limit local access to systems, including enforcing least privilege principles and restricting administrative rights. 4. Employ network segmentation to isolate legacy systems and limit SMB traffic to only trusted devices and networks, reducing the attack surface. 5. Monitor local system logs and SMB-related events for unusual activity that could indicate exploitation attempts. 6. Use endpoint detection and response (EDR) tools capable of detecting anomalous privilege escalation behaviors. 7. Until patches are available, consider disabling SMBv1 or restricting SMB protocol usage if legacy applications allow, as SMBv1 is often associated with vulnerabilities and legacy versions. 8. Educate internal users about the risks of local privilege escalation and enforce strong physical security controls to prevent unauthorized local access. 9. Stay informed on Microsoft advisories for any forthcoming patches or mitigations related to this CVE.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2024-02-15T00:57:49.360Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9836c4522896dcbeb1c6

Added to database: 5/21/2025, 9:09:10 AM

Last enriched: 6/26/2025, 5:44:14 AM

Last updated: 7/24/2025, 9:31:56 AM

Views: 6

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats