September 12th, 2024

About that Windows Installer 'make me admin' security hole. How it's exploited

Microsoft patched a critical Windows Installer vulnerability, CVE-2024-38014, that allows privilege escalation. SEC Consult released a tool to identify vulnerable files and urges users to apply the patch promptly.


Microsoft has addressed a significant security vulnerability in Windows Installer, identified as CVE-2024-38014, which allows malware or unauthorized users to gain SYSTEM-level privileges on a PC. This flaw was discovered by SEC Consult and has been actively exploited. The vulnerability arises when a low-privileged user attempts to repair an application using an Installer package, creating a brief window of opportunity for an attacker to hijack the process. By manipulating the repair process, an attacker can execute commands with elevated privileges. SEC Consult has released an open-source tool, msiscan, to help users identify exploitable Installer files. Although Microsoft has issued a patch, many users may not apply it immediately, leaving systems vulnerable. The attack is not effective with recent versions of the Edge browser or Internet Explorer, and specific conditions must be met for exploitation. Users are advised to scan their systems and apply the patch to mitigate risks.

- Microsoft has patched a critical vulnerability in Windows Installer that allows privilege escalation.

- The flaw, CVE-2024-38014, can be exploited by low-privileged users during application repair processes.

- SEC Consult has provided an open-source tool to identify vulnerable Installer files.

- The vulnerability is actively being exploited, emphasizing the need for immediate action from users.

- Not all .msi files are exploitable, and specific browser conditions affect the attack's success.
