Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. The specific flaw exists within the Windows Search service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
A successful attack could allow the attacker to execute arbitrary code with elevated (SYSTEM) privileges on the vulnerable system. This could lead to complete compromise of the affected system, allowing activities like data theft, deploying malware, and using the system as a launchpad for further attacks on the network.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation in the wild at the moment.
Microsoft has released a patch to address this vulnerability. The patch details are available at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30033.
Apply the patch from Microsoft as soon as possible to remediate this vulnerability. As an interim mitigation, restrict access to the vulnerable Windows Search service and closely monitor system activity for suspicious behavior.
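The following PowerShell script is an added example, not part of the advisory or of any Microsoft tooling. It reports the state of the Windows Search service (assumed service name WSearch), checks whether a fixing update is installed, and, only when run with -ApplyMitigation, applies the interim mitigation described above by stopping and disabling the service. The KB identifier is a placeholder that must be replaced with the update listed on the MSRC page for CVE-2024-30033.

```powershell
# Added example (not from the advisory): interim mitigation and patch check for CVE-2024-30033.
# Assumptions: the Windows Search service is registered as "WSearch"; the KB number is a
# placeholder and must be taken from the Microsoft advisory for this CVE.

param(
    [switch]$ApplyMitigation   # only stop/disable the service when explicitly requested
)

$kb = 'KB<placeholder-from-MSRC-advisory>'   # placeholder, replace with the real KB id

# 1. Report the current state of the vulnerable service.
$svc = Get-Service -Name 'WSearch' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Output 'Windows Search service (WSearch) is not present on this host.'
} else {
    Write-Output ("WSearch status: {0}, startup type: {1}" -f $svc.Status, $svc.StartType)
}

# 2. Check whether the fixing update is already installed; if so, nothing more to do.
$fix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($fix) {
    Write-Output ("Update {0} installed on {1}; no interim mitigation needed." -f $kb, $fix.InstalledOn)
    return
}
Write-Warning "Update $kb not found; this host should be treated as unpatched."

# 3. Interim mitigation from the advisory: restrict the vulnerable service until patched.
#    Disabling WSearch removes indexed search (Start menu, Outlook) for the duration.
if ($ApplyMitigation -and $svc) {
    Stop-Service -Name 'WSearch' -Force
    Set-Service  -Name 'WSearch' -StartupType Disabled
    Write-Output 'WSearch stopped and disabled; re-enable it after the update is installed.'
}
```

Run it without the switch from an elevated prompt to audit a host; add -ApplyMitigation only where the loss of indexed search is acceptable, and re-enable the service (Set-Service -StartupType Automatic, then Start-Service) once the update is confirmed installed.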
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
A CVSS base score of 7 has been assigned.
Feedly found the first article mentioning CVE-2024-30033.
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-30033
This CVE started to trend in security discussions
Detection for the vulnerability has been added to Qualys (379811)
EPSS Score was set to: 0.04% (Percentile: 8.5%)
This CVE stopped trending in security discussions
This CVE started to trend in security discussions