DLL Hijacking Vulnerability Allows Elevation of Privileges Without UAC Prompt
Key Information
- Vendor
- Microsoft
- Status
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
- CVE Published: 26 September 2024
Summary
A DLL hijacking vulnerability, identified as CVE-2024-6769, in various Windows operating systems allows an authenticated attacker to escalate from a medium-integrity to a high-integrity process without a UAC prompt. The vulnerability has been exploited and is considered a serious threat because it allows privilege escalation without user intervention. The potential impact is significant, as it can lead to a full system compromise. Microsoft does not consider this a vulnerability because it requires administrative access, but the risk remains for Windows users. No specific ransomware groups have been associated with this exploit.
Affected Version(s)
Windows 10 <= 10.0.0
Windows 11 <= 10.0.0
Windows Server 2016 <= 10.0.0
News Articles
Breach Roundup: AI 'Nudify' Sites Serve Malware
This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a
2 months ago
Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.
2 months ago
Timeline
- Exploit exists.
- First article discovered.
- Risk changed from none to 6.7 (MEDIUM).
- Vulnerability published.
- Vulnerability reserved.