Windows App Installer Spoofing Vulnerability Allows Elevation of Privilege
CVE-2024-38177

7.8HIGH

Key Information:

Vendor: Microsoft
Status: App Installer
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-38177?

The vulnerability in the Windows App Installer allows an attacker to potentially spoof application identities by manipulating how the installer identifies its source. This could enable the execution of malicious applications under the guise of trusted applications. Users should be aware of the risks associated with downloading applications from unverified sources and ensure their systems are updated to the latest versions to mitigate this risk.

Affected Version(s)

App Installer Unknown 1.0.0.0 < 1.22.11261.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 11, 2024

Microsoft

What is CVE-2024-38177?

Affected Version(s)

References

CVSS V3.1

Timeline