Windows Registry Service Elevation of Privilege Vulnerability

Summary

The vulnerability identified as CVE-2024-43532 affects the Windows Registry service, allowing for an elevation of privilege. Exploit code for this vulnerability has been made public, and it enables attackers to take control of a Windows domain by downgrading the security of the authentication process. This flaw affects multiple versions of Windows server software, as well as Windows 10 and 11. Exploiting CVE-2024-43532 could lead to the creation of new domain administrator accounts, and it has been used in a NTLM relay attack by threat actors, including the LockFile ransomware gang. The vulnerability was initially reported to Microsoft in February, with a fix released three months later. The release of a working proof-of-concept and exploitation process demonstrates the potential severity of this vulnerability, highlighting the need for vigilance and mitigation efforts.

News Articles

BleepingComputer

CVE-2024-43532

Exploit released for new Windows Server "WinReg" NTLM Relay attack

Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process.

1 month ago

CyberSecurityNews

CVE-2024-43532

Windows Remote Registry Client EoP Flaw Exposes Systems to Relay Attacks

A critical elevation of privilege (EoP) vulnerability, identified as CVE-2024-43532, has been discovered in the Windows Remote Registry client. This vulnerability potentially allows attackers to relay NTLM authentication and gain unauthorized access to Windows systems.

1 month ago