DLL Hijacking Vulnerability Allows Elevation of Privileges Without UAC Prompt
CVE-2024-6769
Key Information:
- Vendor: Microsoft
- Status
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
- CVE Published: 26 September 2024
Summary
A DLL hijacking vulnerability, identified as CVE-2024-6769, in various Windows operating systems allows an authenticated attacker to escalate from a medium-integrity to a high-integrity process without a UAC prompt. The vulnerability has been exploited and is considered a serious threat because it allows privilege escalation without user intervention. The potential impact is significant, as it can lead to a full system compromise. Microsoft does not consider this a vulnerability because it requires administrative access, but the risk remains for Windows users. No specific ransomware groups have been associated with this exploit.
Affected Version(s)
Windows 10 10.0.0
Windows 11 10.0.0
Windows Server 2016 10.0.0
News Articles
Breach Roundup: AI 'Nudify' Sites Serve Malware
This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a
3 months ago
Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.
3 months ago
Timeline
- Exploit known to exist
- First article discovered
- Vulnerability published
- Vulnerability Reserved