CVE-2024-35250 is a vulnerability identified in the Windows 10 Version 1809 kernel-mode driver, classified under CWE-822, which involves untrusted pointer dereference. This flaw arises when the kernel-mode driver improperly handles pointers that can be influenced by a low-privileged user, leading to the dereferencing of untrusted pointers. Such a condition can be exploited to execute arbitrary code in kernel mode, thereby elevating privileges from a limited user context to SYSTEM or kernel level. The vulnerability requires local access with low privileges (PR:L), no user interaction (UI:N), and has low attack complexity (AC:L). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), indicating that successful exploitation can fully compromise the affected system. The CVSS 3.1 score of 7.8 reflects these factors. The affected product is Windows 10 Version 1809, specifically build 17763.0. As of the publication date (June 11, 2024), no known exploits have been reported in the wild, and no official patches have been linked, though Microsoft is likely to release updates. The vulnerability is significant because kernel-mode code execution can bypass most security controls, allowing attackers to install persistent malware, disable security features, or steal sensitive data. This vulnerability is particularly relevant for environments where legacy Windows 10 1809 systems remain in use, including industrial, governmental, and enterprise networks.

The impact of CVE-2024-35250 is substantial for organizations still running Windows 10 Version 1809. Successful exploitation allows attackers with limited local privileges to escalate to kernel-level privileges, effectively gaining full control over the system. This can lead to unauthorized access to sensitive information, installation of persistent malware, disabling of security mechanisms, and potential lateral movement within networks. The high confidentiality, integrity, and availability impacts mean that critical systems could be compromised, data exfiltrated, or systems rendered inoperable. Since the vulnerability requires local access, insider threats or attackers who have already compromised a low-privileged account pose the greatest risk. Organizations with legacy systems in sectors such as government, healthcare, finance, and critical infrastructure are particularly vulnerable. The lack of known exploits in the wild currently reduces immediate risk but also means attackers may develop exploits once patches are released, increasing urgency for mitigation.

1. Apply official Microsoft security updates as soon as they become available for Windows 10 Version 1809 to address this vulnerability. 2. Restrict local user access on systems running Windows 10 1809 by enforcing the principle of least privilege and disabling unnecessary local accounts. 3. Use endpoint detection and response (EDR) tools capable of monitoring kernel-mode activity to detect anomalous behavior indicative of exploitation attempts. 4. Implement application whitelisting and code integrity policies to prevent unauthorized code execution in kernel mode. 5. Regularly audit and harden system configurations to minimize attack surface, including disabling unused services and features. 6. Consider upgrading legacy Windows 10 1809 systems to supported versions with ongoing security updates to reduce exposure. 7. Monitor security advisories from Microsoft and CISA for updates on patches and exploitation trends. 8. Employ network segmentation to limit the spread of an attacker who gains local access on one machine. These steps go beyond generic advice by focusing on proactive access control, monitoring kernel-level activity, and prioritizing patch management for legacy systems.