https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. The specific flaw exists within the Windows Installer service. By creating a symbolic link, an attacker can abuse the service to write arbitrary registry values. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. This could lead to complete compromise of the affected system, allowing the attacker to gain full control over the machine, potentially impacting the confidentiality, integrity, and availability of data and resources. The vulnerability has a CVSS v3.1 base score of 7.8, indicating a high severity. The impact on confidentiality, integrity, and availability is rated as HIGH.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.
Microsoft has issued an update to correct this vulnerability. The patch is available, and details can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158.
1. Apply the security update provided by Microsoft as soon as possible. 2. Implement the principle of least privilege to limit the potential impact of such vulnerabilities. 3. Monitor and restrict local access to systems, especially for non-administrative users. 4. Implement robust access controls and user authentication mechanisms. 5. Regularly audit and monitor system activities, particularly those involving the Windows Installer service and registry modifications.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (92128)
Feedly found the first article mentioning CVE-2024-26158. See article
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-26158
EPSS Score was set to: 0% (Percentile: 8%)
EPSS Score was set to: 0.04% (Percentile: 7.9%)