https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. The specific flaw exists within the Office Performance Monitor executable. By creating a symbolic link, an attacker can abuse the process to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
If exploited, an attacker can escalate privileges to SYSTEM level, which gives them complete control over the affected system. This allows them to execute arbitrary code with the highest level of permissions, potentially leading to full system compromise. The attacker could delete arbitrary files, install programs, view, change, or delete data, or create new accounts with full user rights.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation in the wild at the moment.
Microsoft has issued an update to correct this vulnerability. The patch is available, and details can be found at the Microsoft Security Response Center (MSRC) website.
1. Apply the security update provided by Microsoft as soon as possible.
2. Implement the principle of least privilege, ensuring users operate with the minimal necessary permissions.
3. Monitor and restrict local access to systems, as the attack requires local access.
4. Implement robust access controls and user authentication mechanisms.
5. Regularly audit system files and monitor for unexpected changes or symbolic links.
6. Keep all Microsoft Office installations up to date with the latest security patches.
7. Use application whitelisting to control which applications can run on a system.
8. Implement and maintain a robust incident response plan in case of exploitation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (110460)
NVD published the first details for CVE-2024-26199
A CVSS base score of 7.8 has been assigned.
Feedly found the first article mentioning CVE-2024-26199.
Feedly estimated the CVSS score as MEDIUM
EPSS Score was set to: 0.04% (Percentile: 7.1%)