Improper Access Control (CWE-284)
Windows Update Stack Elevation of Privilege Vulnerability. This is a local vulnerability with a low attack complexity and low privileges required. It has high impacts on confidentiality, integrity, and availability. The vulnerability has been confirmed and has an official fix available.
If exploited, this vulnerability could allow an attacker with low privileges to elevate their privileges on a Windows system. The attacker could potentially gain high-level access to confidential information, make changes to system files or settings, and disrupt system availability. Given the high impact on confidentiality, integrity, and availability, this could lead to significant compromise of the affected system.
There is no evidence that a public proof-of-concept exists, and there is no evidence of exploitation at the moment.
A patch is available. Microsoft has released an official fix for this vulnerability as of November 12, 2024.
1. Apply the official patch from Microsoft as soon as possible.
2. Limit user privileges and enforce the principle of least privilege.
3. Monitor for suspicious activities, especially attempts to elevate privileges.
4. Keep Windows systems and security software up to date.
5. Implement network segmentation to limit the potential spread if a system is compromised.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Detection for the vulnerability has been added to Qualys (92186)
Feedly found the first article mentioning CVE-2024-43530.
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-43530
EPSS Score was set to: 0.04% (Percentile: 10.1%)
EPSS Score was set to: 0.04% (Percentile: 10.2%)