Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2024-43626

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 12 November 2024

Summary

The vulnerability in Windows Telephony Service allows an attacker to elevate privileges on affected Windows systems. By exploiting this flaw, an unauthorized user could gain access to sensitive system-level functions, potentially leading to further exploitations within the system. The vulnerability affects various versions of Windows, including Windows 10, Windows 11, and Windows Server platforms. Users are advised to apply the latest security updates and patches provided by Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20826

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7515

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6532

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed