CVE-2024-30090

HIGH EXPLOITED RANSOMWARE

Microsoft Streaming Service - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2024-30090 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including Dor00tkit.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-30090, targeting a race condition in the Windows Kernel Streaming (KS) driver. The exploit manipulates KSEVENT structures to achieve local privilege escalation (LPE) by corrupting kernel memory and enabling arbitrary code execution in kernel mode.

Description

Microsoft Streaming Service Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 108 stars

by Dor00tkit · local

https://github.com/Dor00tkit/CVE-2024-30090

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-30090, targeting a race condition in the Windows Kernel Streaming (KS) driver. The exploit manipulates KSEVENT structures to achieve local privilege escalation (LPE) by corrupting kernel memory and enabling arbitrary code execution in kernel mode.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Microsoft Windows Kernel (Kernel Streaming component)

No auth needed

Prerequisites: Windows system with vulnerable KS driver · At least 2 CPU cores · Address of nt!SeDebugPrivilege

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30090

Scores

CVSS v3 7.0

EPSS 0.0197

EPSS Percentile 77.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-08-01

Ransomware Use Confirmed

CWE

CWE-119 CWE-822

Status published

Products (16)

microsoft/windows_10_1507 < 10.0.10240.20680

microsoft/windows_10_1607 < 10.0.14393.7070

microsoft/windows_10_1809 < 10.0.17763.5936

microsoft/windows_10_21h2 < 10.0.19044.4529

microsoft/windows_10_22h2 < 10.0.19045.4529

microsoft/windows_11_21h2 < 10.0.22000.3019

microsoft/windows_11_22h2 < 10.0.22621.3737

microsoft/windows_11_23h2 < 10.0.22631.3737

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2 sp1

... and 6 more

Published Jun 11, 2024

Tracked Since Feb 18, 2026