Windows Libarchive Remote Code Execution Vulnerability
CVE-2024-43495

7.3HIGH

Key Information:

Vendor

Microsoft
Status
Windows 11 Version 22h2
Windows 11 Version 22h3
Windows 11 Version 23h2
Windows Server 2022, 23h2 Edition (server Core Installation)
Vendor
CVE Published:
10 September 2024

What is CVE-2024-43495?

A remote code execution vulnerability exists in Windows libarchive that can be exploited by an attacker to execute arbitrary code on the affected system. This vulnerability arises due to improper handling of specific input within the libarchive component, which processes archive files. Successfully exploiting this vulnerability could enable attackers to run potentially malicious code with the same privileges as the user running the affected application. The impact can lead to severe security issues, including unauthorized actions and data breaches. Organizations utilizing impacted Windows versions should review security patches provided by Microsoft to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Windows 11 version 22H2 ARM64-based Systems 10.0.0 < 10.0.22621.3880

Windows 11 version 22H3 ARM64-based Systems 10.0.0 < 10.0.22631.3880

Windows 11 Version 23H2 x64-based Systems 10.0.0 < 10.0.22621.3880

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.