Elevation of Privilege Vulnerability Affects Windows Search Service
CVE-2024-30033

7HIGH

Key Information:

Vendor: Microsoft
Status: Windows Server 2022; Windows 11 Version 21h2; Windows 10 Version 21h2; Windows 10 Version 22h2
Vendor: CVE Published:; 14 May 2024

Badges

📰 News Worthy

What is CVE-2024-30033?

The Windows Search Service contains a vulnerability that allows an attacker to elevate privileges within the system. By exploiting this vulnerability, an unauthorized user could gain elevated permissions which may lead to unauthorized access to sensitive data or system functions. This could entail significant risks regarding data integrity and confidentiality. Implementing the latest security updates from Microsoft is crucial to mitigate exposure to this vulnerability.

Affected Version(s)

Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.4412

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.4412

Windows 11 version 21H2 x64-based Systems 10.0.0 < 10.0.22000.2960

News Articles

SystemTek

CVE-2024-30033 CVE-2024-30034

SystemTek - Technology news and information

CVE number = CVE-2024-30033 CVSS Score = 7.0 This vulnerability allows local attackers to escalate privileges on affected installations of Read More CVE number = CVE-2024-30034 CVSS Score = 8.4 This...

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
📰
First article discovered by SystemTek
Mar 29, 2024
Vulnerability Reserved
Mar 22, 2024