Unauthorized Elevation of Privileges in Microsoft Update Catalog via Deserialization of Untrusted Data
CVE-2024-49147
9.3 CRITICAL
Summary
The vulnerability involves the deserialization of untrusted data within the Microsoft Update Catalog. This flaw could allow an unauthorized attacker to exploit the web server hosting the catalog, potentially enabling the attacker to elevate their privileges. As a result, it poses a significant security risk for users accessing the Update Catalog, with potential implications for system integrity and user data protection.
Affected Version(s)
Microsoft Update Catalog Unknown
References
CVSS V3.1
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database, Microsoft Feed