Windows CSC Service Elevation of Privilege Vulnerability
CVE-2024-26229
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 9 April 2024
Badges
Summary
The CVE-2024-26229 vulnerability in the Windows CSC Service is being exploited with proof-of-concept (PoC) exploit code available on GitHub. This high-severity vulnerability could allow attackers to gain SYSTEM privileges on a Windows system, posing a significant risk. This type of elevation of privilege flaw can lead to severe security breaches, and there is potential for it to be used by threat actors, although it is not specified if ransomware groups are involved. It is crucial for users to apply the patch released by Microsoft to mitigate the risk of exploitation.
Affected Version(s)
Windows 10 Version 1809 < 10.0.17763.5696
Windows Server 2019 < 10.0.17763.5696
Windows Server 2019 (Server Core installation) < 10.0.17763.5696
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
@SecurelistAnalyzing the vulnerability landscape in Q2 2024
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024.
4 months ago
vncs.vnCVE-2024-26229News
Event SOC Congratulations on the...
6 months ago
Refferences
CVSS V3.1
Timeline
- 🔴
Public PoC available
- 👾
Exploit known to exist
First article discovered by vncs.vn
Vulnerability published
Vulnerability Reserved