1. Home
  2. Vulnerabilities
  3. CVE-2024-26169

CVE-2024-26169

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.05 % (21th)
0.05% Progress
Affected Products 14
Advisories 2
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Windows Error Reporting Service Elevation of Privilege Vulnerability

Weaknesses
CWE-269
Improper Privilege Management
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2024-03-12 17:15:56
(6 months ago)
Updated Date
2024-06-14 17:36:18
(3 months ago)
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Known to be Used in Ransomware Campaigns
Known
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169; https://nvd.nist.gov/vuln/detail/CVE-2024-26169
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2024-06-13
(3 months ago)
Due Date
2024-07-04
(2 months ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.20526 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.20526
  Microsoft Windows 10 1607 prior 10.0.14393.6796 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.6796
  Microsoft Windows 10 1809 prior 10.0.17763.5576 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.5576
  Microsoft Windows 10 21h2 prior 10.0.19044.4170 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19044.4170
  Microsoft Windows 10 22h2 prior 10.0.19045.4170 version cpe:2.3:o:microsoft:windows_10_22h2 < 10.0.19045.4170
  Microsoft Windows 11 21h2 prior 10.0.22000.2836 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.2836
  Microsoft Windows 11 22h2 prior 10.0.22621.3296 version cpe:2.3:o:microsoft:windows_11_22h2 < 10.0.22621.3296
  Microsoft Windows 11 23h2 prior 10.0.22631.3296 version cpe:2.3:o:microsoft:windows_11_23h2 < 10.0.22631.3296
  Microsoft Windows Server 2008 SP2 on X64 cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64
  Microsoft Windows Server 2008 SP2 on X86 cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86
  Microsoft Windows Server 2008 R2 SP1 on X64 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 cpe:2.3:o:microsoft:windows_server_2016:-
  Microsoft Windows Server 2019 prior 10.0.17763.5576 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.5576
  Microsoft Windows Server 2022 prior 10.0.20348.2333 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.2333
  Microsoft Windows Server 2022 23h2 prior 10.0.25398.763 version cpe:2.3:o:microsoft:windows_server_2022_23h2 < 10.0.25398.763