Security researchers identified a critical vulnerability in the Windows Cloud Files Mini Filter Driver (cldsync.sys) that enables local attackers to escalate privileges. The flaw lies in how file paths are validated during placeholder file creation. Specifically, a Time-of-Check Time-of-Use (TOCTOU) race condition lets an attacker modify the path held in kernel memory, allowing illegitimate file operations.
To exploit this vulnerability, an attacker first establishes a communication port with the Cloud Files Filter driver and continuously alters the path string in kernel memory so that it points to system directories. Once the race is won, the driver can create files with elevated kernel-mode access, enabling attackers to write malicious libraries into protected directories. This gives them SYSTEM-level privileges and poses a serious risk for Windows systems. Organizations are urged to promptly patch vulnerable installations, as this method is both straightforward and reliable, potentially allowing any authenticated user to exploit the flaw.
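The double-fetch pattern behind a TOCTOU path check, next to the capture-then-validate fix, shown as an added illustration in portable C (not code from the driver or the original report). The allowed-root policy, the function names and the sample paths are constructed, and a callback stands in for the concurrent writer so the outcome is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define PATH_LEN 128
#define ALLOWED "C:\\SyncRoot\\"   /* constructed policy: stay under this root */

typedef void (*race_hook)(char *shared);  /* stands in for the concurrent writer */

static int path_is_allowed(const char *p) {
    return strncmp(p, ALLOWED, strlen(ALLOWED)) == 0;
}

/* Double fetch: the check and the use both read the caller-writable buffer. */
static int create_double_fetch(char *shared, race_hook between, char *opened) {
    if (!path_is_allowed(shared)) return -1;        /* time of check */
    if (between) between(shared);                   /* buffer changes here */
    snprintf(opened, PATH_LEN, "%s", shared);       /* time of use */
    return 0;
}

/* Capture first: copy once into private memory, then check and use the copy. */
static int create_captured(char *shared, race_hook between, char *opened) {
    char priv[PATH_LEN];
    const char *end = memchr(shared, '\0', PATH_LEN);
    if (end == NULL) return -1;                     /* unterminated or too long */
    memcpy(priv, shared, (size_t)(end - shared) + 1);
    if (!path_is_allowed(priv)) return -1;          /* check the snapshot */
    if (between) between(shared);                   /* later writes are ignored */
    snprintf(opened, PATH_LEN, "%s", priv);         /* use the same snapshot */
    return 0;
}

static void swap_path(char *shared) {               /* constructed redirect */
    snprintf(shared, PATH_LEN, "%s", "C:\\Protected\\constructed.dll");
}

/* Returns 1 if the path finally used escaped the policy, 0 if not, -1 if rejected. */
static int run(int (*fn)(char *, race_hook, char *)) {
    char shared[PATH_LEN] = "C:\\SyncRoot\\report.txt";
    char opened[PATH_LEN] = "";
    if (fn(shared, swap_path, opened) != 0) return -1;
    return path_is_allowed(opened) ? 0 : 1;
}

int main(void) {
    printf("double fetch escaped policy: %d\n", run(create_double_fetch));
    printf("captured copy escaped policy: %d\n", run(create_captured));
    return 0;
}
```

The same rule applies to any privileged component that takes a path from less-trusted memory: validate and act on one private copy, never on the original buffer.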
👉 Read the original: Cyber Security News