CVE-2024-37979: 
vulnerability analysis and mitigation

Windows Kernel Elevation of Privilege Vulnerability identified as CVE-2024-37979 affects multiple versions of Microsoft Windows Server, including Server 2012, 2012 R2, 2016, 2019, and 2022. The vulnerability was disclosed on October 8, 2024, and received its initial analysis from NIST on October 16, 2024 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Microsoft assessed it with a score of 6.7 (MEDIUM) and vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-822 (Untrusted Pointer Dereference) by Microsoft (NVD).

This vulnerability could allow an attacker to gain elevated privileges on affected systems. The high CVSS scores indicate potential severe impacts on system confidentiality, integrity, and availability when successfully exploited (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available for affected versions: Windows Server 2012 and R2, Server 2016 (versions before 10.0.14393.7428), Server 2019 (versions before 10.0.17763.6414), and Server 2022 (versions before 10.0.20348.2762) (NVD).