CVE-2024-21305: 
vulnerability analysis and mitigation

CVE-2024-21305 is a Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability that was initially disclosed on January 9, 2024. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.4 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability requires local access, low attack complexity, high privileges, and no user interaction. The impact primarily affects system integrity, with no impact on confidentiality or availability (AttackerKB).

The vulnerability affects system integrity with a high impact rating, while having no direct impact on system confidentiality or availability. The vulnerability specifically targets the Hypervisor-Protected Code Integrity feature, which is a security mechanism in Windows systems (MSRC).

Microsoft has released security updates to address this vulnerability across affected systems including Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 21H2, 22H2, 23H2), Windows Server 2019, and Windows Server 2022 (NVD).