
CVE-2024-35270: CWE-400: Uncontrolled Resource Consumption in Microsoft Windows 10 Version 1809

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2024-35270, cwe-400
Published: Tue Jul 09 2024 (07/09/2024, 17:02:10 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

CVE-2024-35270 is a medium severity denial of service vulnerability in the Windows iSCSI service affecting Windows 10 Version 1809 (build 10.0.17763.0). It is caused by uncontrolled resource consumption (CWE-400) that can be triggered remotely without authentication or user interaction but requires high attack complexity. Exploitation results in denial of service by exhausting system resources, impacting availability but not confidentiality or integrity. No known exploits are currently reported in the wild. European organizations running legacy Windows 10 1809 systems with iSCSI enabled may face service disruptions. Mitigation involves applying available patches once released, disabling the iSCSI service if unused, and monitoring network traffic for anomalous iSCSI activity. Countries with higher usage of legacy Windows 10 systems in critical infrastructure and enterprises, such as Germany, France, and the UK, are more likely to be affected.

AI-Powered Analysis

Last updated: 12/17/2025, 00:36:34 UTC

Technical Analysis

CVE-2024-35270 is a vulnerability identified in the Microsoft Windows iSCSI service on Windows 10 Version 1809 (build 10.0.17763.0). The flaw is categorized under CWE-400, indicating uncontrolled resource consumption. Specifically, the iSCSI service can be forced into a denial of service (DoS) state by an attacker who can remotely send crafted requests that cause the service to consume excessive system resources, such as memory or CPU cycles, leading to service degradation or system unavailability. The attack does not require any authentication or user interaction, but the attack complexity is high, meaning it is not trivial to exploit. The vulnerability affects only the availability aspect of the system’s security posture, with no impact on confidentiality or integrity. The CVSS v3.1 base score is 5.3, reflecting a medium severity level. No public exploits or active exploitation in the wild have been reported to date. The vulnerability was reserved in May 2024 and published in July 2024. Microsoft has not yet provided a patch link, indicating that remediation may still be pending or in progress. The iSCSI service is commonly used for storage networking, so environments utilizing iSCSI for SAN connectivity are at risk. The vulnerability’s presence in an older Windows 10 version (1809) suggests that systems not updated to newer versions remain vulnerable.

Potential Impact

For European organizations, the primary impact is service disruption due to denial of service conditions caused by resource exhaustion in the iSCSI service. This can affect availability of storage networks relying on iSCSI, potentially leading to downtime of critical applications and data access interruptions. Industries with heavy reliance on storage area networks, such as finance, healthcare, manufacturing, and public sector entities, could experience operational impacts. Since the vulnerability does not affect confidentiality or integrity, data breaches or unauthorized data modification are not direct concerns. However, availability loss can indirectly affect business continuity and compliance with regulations like GDPR if critical services are interrupted. The medium severity and high attack complexity reduce the likelihood of widespread exploitation, but legacy systems still pose a risk. Organizations running Windows 10 1809 in production, especially those with iSCSI enabled and exposed to untrusted networks, are at higher risk.

Mitigation Recommendations

1. Apply Microsoft patches promptly once they become available for Windows 10 Version 1809 to remediate the vulnerability.
2. If patching is not immediately possible, consider disabling the iSCSI service on affected systems if it is not required for business operations.
3. Restrict network access to the iSCSI service by implementing firewall rules that limit incoming connections to trusted hosts and networks only.
4. Monitor network traffic for unusual or unexpected iSCSI requests that could indicate attempted exploitation.
5. Plan and execute an upgrade strategy to move legacy Windows 10 1809 systems to supported, updated versions of Windows 10 or Windows 11 to reduce exposure to known vulnerabilities.
6. Conduct regular vulnerability assessments and penetration testing focused on storage networking components to identify and remediate weaknesses.
7. Implement robust incident response procedures to quickly detect and mitigate denial of service conditions impacting storage services.
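
A host-level audit for recommendations 2 and 3, as an added example that is not part of the original advisory or any Microsoft guidance. It assumes "the iSCSI service" refers to the Microsoft iSCSI Initiator Service (service name `MSiSCSI`); the function name `Test-IscsiExposure` and its `-DisableIfUnused` switch are hypothetical.

```powershell
# Added example: audit one host against mitigation steps 2 and 3.
# Assumption: the affected service is the iSCSI Initiator Service (MSiSCSI).
function Test-IscsiExposure {
    [CmdletBinding()]
    param([switch]$DisableIfUnused)   # hypothetical switch for this example

    # Build 17763 is the 1809 code base named in the advisory.
    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
    $svc   = Get-Service -Name 'MSiSCSI' -ErrorAction SilentlyContinue

    # Active sessions mean the host depends on iSCSI storage: never disable blindly.
    $sessions = @()
    if ($svc -and $svc.Status -eq 'Running') {
        $sessions = @(Get-IscsiSession -ErrorAction SilentlyContinue)
    }

    $result = [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        IsBuild17763   = ($build -eq 17763)
        ServiceStatus  = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        StartType      = if ($svc) { [string]$svc.StartType } else { 'n/a' }
        ActiveSessions = $sessions.Count
        Action         = 'None'
    }

    # Nothing to do on other builds or where the service is absent.
    if (-not $svc -or -not $result.IsBuild17763) { return $result }

    if ($sessions.Count -gt 0) {
        # Step 3 applies: keep the service, limit who can reach it.
        $result.Action = 'In use: restrict network access to trusted storage hosts'
    }
    elseif ($svc.StartType -eq 'Disabled') {
        $result.Action = 'Already disabled'
    }
    elseif ($DisableIfUnused) {
        # Step 2: stop the service and prevent it from starting again.
        Stop-Service -Name 'MSiSCSI' -Force -ErrorAction SilentlyContinue
        Set-Service  -Name 'MSiSCSI' -StartupType Disabled
        $result.Action = 'Disabled (no active sessions)'
    }
    else { $result.Action = 'Unused: candidate for disabling' }
    $result
}

Test-IscsiExposure   # report only; add -DisableIfUnused to apply step 2
```

Run it from an elevated session; the report-only default makes it suitable for collecting results across a fleet before any service is changed.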


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2024-05-14T20:14:47.414Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981dc4522896dcbdb5e5

Added to database: 5/21/2025, 9:08:45 AM

Last enriched: 12/17/2025, 12:36:34 AM

Last updated: 1/19/2026, 9:49:28 AM
