CVE-2024-26169
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
CVSS
—
No CVSS
EPSS
4.0%
p89
KEV
YES
Jun 13, 2024
Exploit Today
77
0-100
Published: — · Last modified: —
Product
Microsoft / Windows
Vulnerability
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
Added to KEV
Jun 13, 2024
Remediate by
Jul 4, 2024
Known ransomware use
Yes
Summary description
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
Required action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169; https://nvd.nist.gov/vuln/detail/CVE-2024-26169