Cyber Resilience

CVE-2024-38014

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · LPE

Published: 10 September 2024
Modified: 28 October 2025
KEV Added: 10 September 2024
Patch
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1283 (94.2nd percentile)
Risk Priority: 43 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-38014 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Windows Installer, affecting the Windows 10, Windows 11 and Windows Server releases listed under Affected Assets below. Its CVSS 3.1 base score is 7.8 (High).

Operationally, it ranks in the top 5.8% of CVEs by exploit likelihood (EPSS 0.1283), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

Windows Installer, a core component of Microsoft Windows responsible for installing, updating, and removing software packages, contains an elevation of privilege vulnerability tracked as CVE-2024-38014. The flaw stems from improper privilege management (CWE-269) and carries a CVSS 3.1 score of 7.8, reflecting local attack vector, low complexity, and low privileges required to achieve full confidentiality, integrity, and availability impact on an affected system.

A local attacker with a standard user account can exploit the issue without user interaction to obtain elevated privileges, potentially allowing arbitrary code execution with administrative rights and full control over the target host. Exploitation requires the ability to run code or trigger an installer operation on the system, after which the attacker can leverage the resulting privileges for further actions such as persistence, credential access, or lateral movement.

Microsoft's security update guide and the September 2024 security release provide patches that address the vulnerability; organizations should apply the relevant Windows updates promptly. The flaw is also listed in CISA's Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild and underscoring the need for immediate remediation.
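Because the fix ships as a cumulative update, the quickest way to confirm remediation on a host is to compare its full build string against the last vulnerable build for its release. The following PowerShell check is an added example, not part of this advisory or of Microsoft's guidance; the threshold table is copied from the Affected Assets section on this page, and the function and variable names (Get-InstalledBuild, Test-CVE202438014, $LastVulnerable) are the example's own.

```powershell
# Added example: decide whether the local host still runs a build listed as
# vulnerable to CVE-2024-38014. A build numerically above the threshold for its
# release carries the September 2024 (or later) cumulative update.

# Last vulnerable build per release, keyed by CurrentBuildNumber.
# Values are taken from the Affected Assets list on this page.
$LastVulnerable = @{
    '10240' = [version]'10.0.10240.20766'   # Windows 10 1507
    '14393' = [version]'10.0.14393.7336'    # Windows 10 1607
    '17763' = [version]'10.0.17763.6293'    # Windows 10 1809
    '19044' = [version]'10.0.19044.4894'    # Windows 10 21H2
    '19045' = [version]'10.0.19045.4894'    # Windows 10 22H2
    '22000' = [version]'10.0.22000.3197'    # Windows 11 21H2
    '22621' = [version]'10.0.22621.4169'    # Windows 11 22H2
    '22631' = [version]'10.0.22631.4169'    # Windows 11 23H2
    '26100' = [version]'10.0.26100.1742'    # Windows 11 24H2
}

function Get-InstalledBuild {
    # CurrentBuildNumber plus UBR (Update Build Revision) gives the same
    # 10.0.<build>.<revision> form the advisory thresholds use. Both values
    # are readable without elevation.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)
}

function Test-CVE202438014 {
    # Pass -Build to evaluate a build string collected from another host
    # (e.g. from an inventory export); defaults to the local machine.
    param([version]$Build = (Get-InstalledBuild))

    $key = $Build.Build.ToString()
    if (-not $LastVulnerable.ContainsKey($key)) {
        # Releases not in the table (e.g. Windows Server 2008 / 2008 R2, which the
        # advisory lists as affected in all versions) need a manual check against NVD.
        return [pscustomobject]@{
            Build          = $Build
            LastVulnerable = $null
            Status         = 'Unknown'
            Note           = 'Release not in threshold table; verify against the full NVD list'
        }
    }

    $status = if ($Build -le $LastVulnerable[$key]) { 'Vulnerable' } else { 'Patched' }
    [pscustomobject]@{
        Build          = $Build
        LastVulnerable = $LastVulnerable[$key]
        Status         = $status
        Note           = 'Cumulative update at or below the listed build does not contain the fix'
    }
}

# Local host check:
Test-CVE202438014

# Triage of builds gathered elsewhere (constructed sample values):
'10.0.19045.4894', '10.0.19045.4957', '10.0.22631.4169', '10.0.26100.2033' |
    ForEach-Object { Test-CVE202438014 -Build ([version]$_) } |
    Format-Table Build, LastVulnerable, Status
```

The comparison is on the whole [version] object, so a revision equal to the listed value is reported as Vulnerable (the advisory's thresholds are inclusive), and the UBR rather than the Windows Installer binary version is used because that is what the affected-version data is expressed in. Treat an Unknown result as unpatched until verified.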

The associated EPSS score has remained flat at 0.1283 with no material increase since disclosure.

Vulnerability details

Windows Installer Elevation of Privilege Vulnerability

CWE(s): CWE-269 (Improper Privilege Management)
KEV Date Added: 10 September 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Microsoft. Last vulnerable build per product (inclusive):

Windows 10 1507: ≤ 10.0.10240.20766
Windows 10 1607: ≤ 10.0.14393.7336
Windows 10 1809: ≤ 10.0.17763.6293
Windows 10 21H2: ≤ 10.0.19044.4894
Windows 10 22H2: ≤ 10.0.19045.4894
Windows 11 21H2: ≤ 10.0.22000.3197
Windows 11 22H2: ≤ 10.0.22621.4169
Windows 11 23H2: ≤ 10.0.22631.4169
Windows 11 24H2: ≤ 10.0.26100.1742
Windows Server 2008: all versions, including R2
+5 more product configuration(s); see NVD for the full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-6 Least Privilege (prevent)

Directly counters the CWE-269 improper privilege management flaw by restricting processes and users to only the privileges required, blocking the local EoP path in Windows Installer.

AC-3 Access Enforcement (prevent)

Enforces access control policies at the OS level so that low-privileged authenticated users cannot obtain unauthorized elevation through the installer vulnerability.

SI-2 Flaw Remediation (prevent)

Requires timely application of vendor patches for the known exploited Windows Installer flaw, eliminating the vulnerable code before local attackers can exploit it.

References