https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 <br/></td> CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"/>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 <br/></td> CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"/>

Exploit
CVE-2024-30033

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: May 14, 2024

010
CVSS 7EPSS 0.05%High
CVE info copied to clipboard

Summary

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. The specific flaw exists within the Windows Search service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

Impact

A successful attack could allow the attacker to execute arbitrary code with elevated (SYSTEM) privileges on the vulnerable system. This could lead to complete compromise of the affected system, allowing activities like data theft, deploying malware, and using the system as a launchpad for further attacks on the network.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.

Patch

Microsoft has released a patch to address this vulnerability. The patch details are available at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30033.

Mitigation

Apply the patch from Microsoft as soon as possible to remediate this vulnerability. As an interim mitigation, restrict access to the vulnerable Search Service and closely monitor system activity for any suspicious behavior.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 7 has been assigned.

May 14, 2024 at 5:00 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-30033. See article

May 14, 2024 at 5:03 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

May 14, 2024 at 5:05 PM
CVE Assignment

NVD published the first details for CVE-2024-30033

May 14, 2024 at 5:17 PM
Trending

This CVE started to trend in security discussions

May 15, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379811)

May 15, 2024 at 5:15 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 8.5%)

May 15, 2024 at 9:25 AM
Trending

This CVE stopped trending in security discussions

May 15, 2024 at 8:39 PM
Trending

This CVE started to trend in security discussions

May 17, 2024 at 6:13 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows
+null more

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-451/
+null more

Patches

Microsoft
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

News

Peek into Monthly Vulnerabilities: May 2024
Mitigation: Users and administrators may apply relevant Microsoft security updates, and subject to strict access controls and periodic system audits, the detection and prevention of unauthorized file manipulations become possible. Description: CVE-2024-30033 is a Windows Search Service elevation of privilege vulnerability that allows file deletion manipulation by the attacker.
信息安全漏洞周报(2024年第21期)
点击蓝字 关注我们根据国家信息安全漏洞库(CNNVD)统计,本周(2024年5月13日至2024年5月19日) […]
Government issues ‘important’ advisory for Windows, Office and other Microsoft products - The Times of India
According to the report, “Multiple vulnerabilities have been reported in Microsoft Products, which could allow an attacker to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, bypass security restrictions, conduct spoofing attacks, conduct tampering attacks, or cause denial of service conditions.” In the latest post, the government body has reported finding multiple vulnerabilities in Microsoft products and classified them as ‘High’ severity.
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. In March 2024, Kaspersky revealed that threat actors are attempting to actively exploit now-patched privilege escalation flaws in various Windows components owing to the fact that “it’s a very easy way to get a quick NT AUTHORITYSYSTEM.”
WARNING: MICROSOFT PATCH TUESDAY MAY 2024 PATCHES 59 VULNERABILITIES (1 CRITICAL, 57 IMPORTANT, 1 MODERATE), PATCH IMMEDIATELY!!
The vulnerability is exploited in the wild and was assigned a CVSSv3 score of 8.8 rated as important. This vulnerability is rated as “Exploitation Less Likely” according to Microsoft and was assigned a CVSSv3 score of 7.0.
See 59 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:High
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI