DLL Hijacking Vulnerability Allows Elevation of Privileges Without UAC Prompt
CVE-2024-6769
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 26 September 2024
Badges
What is CVE-2024-6769?
A DLL Hijacking vulnerability identified as CVE-2024-6769 in various Windows operating systems allows an authenticated attacker to escalate from a medium to high integrity process without a UAC prompt. The vulnerability has been exploited and is considered a serious threat as it allows privilege escalation without user intervention. The potential impact of this vulnerability is significant, as it can lead to a full system compromise. Microsoft does not consider this a vulnerability as it requires administrative access, but the risk remains for Windows users. No specific ransomware groups have been associated with this exploit.
Affected Version(s)
Windows 10 10.0.0
Windows 11 10.0.0
Windows Server 2016 10.0.0
News Articles
BankInfoSecurityCVE-2024-6769Breach Roundup: AI 'Nudify' Sites Serve Malware
This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a
Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.
References
EPSS Score
21% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered
Vulnerability published
Vulnerability Reserved