CVE-2024-21345: 
vulnerability analysis and mitigation

Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21345) was initially disclosed on February 13, 2024. This vulnerability affects Microsoft Windows Server 2022 23H2 versions up to (excluding) 10.0.25398.709. The vulnerability was assigned by Microsoft Corporation and has been classified with a CVSS v3.1 base score of 8.8 (HIGH) (NVD, MITRE).

The vulnerability has been classified as a Heap-based Buffer Overflow (CWE-122) according to Microsoft's assessment. It has received a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating local access requirements with low attack complexity and privilege requirements, no user interaction needed, and high impacts on confidentiality, integrity, and availability (NVD).

This elevation of privilege vulnerability in the Windows Kernel could allow an attacker to gain heightened system privileges. The high severity score (8.8) and impact ratings (H:H:H) indicate that successful exploitation could result in complete compromise of system confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability. The fix is available through KB5034769 for affected Windows Server 2022 23H2 systems (Rapid7).