Elevation of Privilege Vulnerability Affects Windows Installer
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 10 September 2024
Badges
Summary
The September 2024 Patch Tuesday from Microsoft addresses 79 vulnerabilities, including four zero-day threats, two of which are actively exploited. One of the critical vulnerabilities is CVE-2024-38014, which is an Elevation of Privilege vulnerability affecting Windows Installer. It allows for code execution with SYSTEM privileges and affects all current versions of Windows, making it highly valuable to attackers. Additionally, other critical vulnerabilities are addressed, including remote code execution vulnerabilities in Microsoft SharePoint Server and Windows network Address Translation. Regular application of these updates is essential for safeguarding systems, maintaining compliance with security standards, and ensuring optimal performance.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38014 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1809 < 10.0.17763.6293
Windows Server 2019 < 10.0.17763.6293
Windows Server 2019 (Server Core installation) < 10.0.17763.6293
News Articles
The Cyber Express CVSS V3.1
Timeline
- 👾
Exploit exists.
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
First article discovered by The Cyber Express
Vulnerability published.
Vulnerability Reserved.