Elevation of Privilege Vulnerability Affects Windows
CVE-2024-26169
Key Information:
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 12 March 2024
Badges
What is CVE-2024-26169?
CVE-2024-26169 is an elevation of privilege vulnerability that affects the Windows operating system, specifically its Error Reporting Service. This vulnerability could allow an attacker with access to the system to gain elevated permissions, potentially compromising the integrity and confidentiality of the system. Organizations relying on Windows for critical operations may face significant risks, including unauthorized modifications to system configurations and access to sensitive data.
Technical Details
The vulnerability resides within the Windows Error Reporting Service, which is responsible for collecting and reporting errors that occur within the operating system and applications. By exploiting CVE-2024-26169, attackers can manipulate this service to execute code with higher privileges than normally permitted, which can lead to severe impacts on system security. The specifics of the exploit are related to improper validation of user inputs or system calls, allowing attackers to bypass security mechanisms.
Impact of the Vulnerability
-
Unauthorized Access: Attackers can gain elevated privileges, allowing them to perform actions typically restricted to system administrators or high-level users.
-
Data Compromise: The ability to escalate privileges could lead to unauthorized access to sensitive information, risking data breaches that may affect both the organization and its customers.
-
System Integrity Risks: Exploitation of this vulnerability can enable malicious actors to modify system settings or install unauthorized software, compromising the overall security posture of the affected systems.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20526
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.6796
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5576
News Articles
CISA warns of Windows bug exploited in ransomware attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs.
7 months ago
Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day
The Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched.
7 months ago
HackreadCVE-2024-26169Black Basta Ransomware Suspected of Exploiting Windows 0-day Before Patch
The Black Basta ransomware group is believed to have taken advantage of a zero-day exploit (CVE-2024-26169) before Microsoft released a fix.
7 months ago
References
CVSS V3.1
Timeline
- π
Vulnerability started trending
- π¦
CISA Reported
- π°
Used in Ransomware
- πΎ
Exploit known to exist
- π°
First article discovered by dailydarkweb.net
Vulnerability published
Vulnerability Reserved