CVE-2024-26169
Published: 12 March 2024
Summary
CVE-2024-26169 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 2.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Deeper analysis
Windows Error Reporting Service contains an elevation of privilege vulnerability tracked as CVE-2024-26169. The flaw affects the Windows Error Reporting Service component and carries a CVSS 3.1 base score of 7.8 with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, corresponding to CWE-269.
An attacker with local access and low privileges can exploit the issue without user interaction to obtain full control over confidentiality, integrity, and availability on the affected system, effectively escalating to higher privileges.
Microsoft has published remediation guidance through its Security Response Center, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities, confirming active exploitation in the wild. The associated EPSS score has remained near 0.35 with only minimal variation between its current and peak values.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-23445
Vulnerability details
Windows Error Reporting Service Elevation of Privilege Vulnerability
- CWE(s): CWE-269 (Improper Privilege Management)
- KEV Date Added: 13 June 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires applying the vendor-supplied security update that removes the EoP flaw in the Windows Error Reporting Service.
- Least privilege: enforces least-privilege restrictions on local accounts so that a low-privileged attacker starts with fewer rights before attempting service exploitation.
- AC-3 (Access Enforcement): enforces access-control decisions on the Error Reporting Service process and its interfaces, limiting the ability of an unauthorized local subject to elevate privileges.