Cyber Resilience

CVE-2024-26169

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked · LPE

Published: 12 March 2024
Modified: 28 October 2025
KEV Added: 13 June 2024
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3458 (percentile 97.1)
Risk Priority: 56 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-26169 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 2.9% of CVEs by EPSS exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Deeper analysis

Windows Error Reporting Service contains an elevation of privilege vulnerability tracked as CVE-2024-26169. The flaw affects the Windows Error Reporting Service component and carries a CVSS 3.1 base score of 7.8 with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, corresponding to CWE-269.

An attacker with local access and low privileges can exploit the issue without user interaction; the resulting impact is high on confidentiality, integrity and availability of the affected system, which in practice means elevation to higher privileges.

Microsoft has published remediation guidance through its Security Response Center, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities, confirming active exploitation in the wild. The associated EPSS score has remained near 0.35 with only minimal variation between its current and peak values.

Vulnerability details

Windows Error Reporting Service Elevation of Privilege Vulnerability

CWE(s): CWE-269 (Improper Privilege Management)
KEV Date Added: 13 June 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft windows 10 1507: ≤ 10.0.10240.20526
microsoft windows 10 1607: ≤ 10.0.14393.6796
microsoft windows 10 1809: ≤ 10.0.17763.5576
microsoft windows 10 21h2: ≤ 10.0.19044.4170
microsoft windows 10 22h2: ≤ 10.0.19045.4170
microsoft windows 11 21h2: ≤ 10.0.22000.2836
microsoft windows 11 22h2: ≤ 10.0.22621.3296
microsoft windows 11 23h2: ≤ 10.0.22631.3296
microsoft windows server 2008: all versions, including R2
microsoft windows server 2012: R2
+4 more product configuration(s); see NVD for the full list.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent, SI-2 (Flaw Remediation): Directly requires applying the vendor-supplied security update that removes the EoP flaw in the Windows Error Reporting Service.

prevent: Enforces least-privilege restrictions on local accounts so that a low-privileged attacker starts with fewer rights before attempting service exploitation.

prevent, AC-3 (Access Enforcement): Enforces access-control decisions on the Error Reporting Service process and its interfaces, limiting the ability of an unauthorized local subject to elevate privileges.
