CVE-2024-37985: 
vulnerability analysis and mitigation

Windows Kernel Information Disclosure Vulnerability (CVE-2024-37985) is a security flaw affecting Microsoft Windows systems. The vulnerability was initially recorded on June 10, 2024, and was publicly disclosed on September 17, 2024. This vulnerability specifically affects Windows 11 version 22H2 and 23H2 ARM64 systems (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.6 (Medium) by NIST and 5.9 (Medium) by Microsoft. The vulnerability's attack vector is Local (AV:L), requiring high attack complexity (AC:H) with no user interaction (UI:N). The scope is classified as Changed (S:C), with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N). The vulnerability has been classified under CWE-1037 (Processor Optimization Removal or Modification of Security-critical Code) by Microsoft (NVD).

This vulnerability could potentially lead to information disclosure if successfully exploited. The vulnerability specifically affects the Windows Kernel and could allow an attacker to obtain sensitive information from the affected system (CVE).

Microsoft has released security updates to address this vulnerability. The fixes are available for affected systems through KB5040442 for both Windows 11 version 22H2 and 23H2 ARM64 systems (Rapid7).