7.8
CVE-2024-38014
- EPSS 9.57%
- Published 10.09.2024 17:15:20
- Last modified 27.01.2025 21:38:24
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Windows Installer Elevation of Privilege Vulnerability
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1507 HwPlatformx64 Version < 10.0.10240.20766
Microsoft ≫ Windows 10 1507 HwPlatformx86 Version < 10.0.10240.20766
Microsoft ≫ Windows 10 1607 HwPlatformx64 Version < 10.0.14393.7336
Microsoft ≫ Windows 10 1607 HwPlatformx86 Version < 10.0.14393.7336
Microsoft ≫ Windows 10 1809 Version < 10.0.17763.6293
Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.4894
Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.4894
Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.3197
Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.4169
Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.4169
Microsoft ≫ Windows 11 24h2 Version < 10.0.26100.1742
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformx64
Microsoft ≫ Windows Server 2012 Version- HwPlatformx64
Microsoft ≫ Windows Server 2012 Versionr2 HwPlatformx64
Microsoft ≫ Windows Server 2016 Version < 10.0.14393.7336
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.6293
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2700
Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1128
10.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Installer Improper Privilege Management Vulnerability
VulnerabilityMicrosoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.
DescriptionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.57% | 0.925 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.