7.8
CVE-2024-38014
- EPSS 9.57%
- Veröffentlicht 10.09.2024 17:15:20
- Zuletzt bearbeitet 27.01.2025 21:38:24
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
Windows Installer Elevation of Privilege Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1507 HwPlatformx64 Version < 10.0.10240.20766
Microsoft ≫ Windows 10 1507 HwPlatformx86 Version < 10.0.10240.20766
Microsoft ≫ Windows 10 1607 HwPlatformx64 Version < 10.0.14393.7336
Microsoft ≫ Windows 10 1607 HwPlatformx86 Version < 10.0.14393.7336
Microsoft ≫ Windows 10 1809 Version < 10.0.17763.6293
Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.4894
Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.4894
Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.3197
Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.4169
Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.4169
Microsoft ≫ Windows 11 24h2 Version < 10.0.26100.1742
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformx64
Microsoft ≫ Windows Server 2012 Version- HwPlatformx64
Microsoft ≫ Windows Server 2012 Versionr2 HwPlatformx64
Microsoft ≫ Windows Server 2016 Version < 10.0.14393.7336
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.6293
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2700
Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1128
10.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Installer Improper Privilege Management Vulnerability
SchwachstelleMicrosoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.57% | 0.925 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.