Sep 2024: Windows Installer Elevation of Privilege Vulnerability
CVE-2024-38014 Published on September 10, 2024
Windows Installer Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Known Exploited Vulnerability
This Microsoft Windows Installer Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
The following remediation steps are recommended / required by October 1, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2024-38014
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-38014 are published in these products:
Affected Versions
Microsoft Windows 10 Version 1809:- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.20348.0 and below 10.0.20348.2700 is affected.
- Version 10.0.0 and below 10.0.22000.3197 is affected.
- Version 10.0.19043.0 and below 10.0.19044.4894 is affected.
- Version 10.0.22621.0 and below 10.0.22621.4169 is affected.
- Version 10.0.19045.0 and below 10.0.19045.4894 is affected.
- Version 10.0.22631.0 and below 10.0.22631.4169 is affected.
- Version 10.0.22631.0 and below 10.0.22631.4169 is affected.
- Version 10.0.25398.0 and below 10.0.25398.1128 is affected.
- Version 10.0.26100.0 and below 10.0.26100.1742 is affected.
- Version 10.0.10240.0 and below 10.0.10240.20766 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27320 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27320 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25073 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25073 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22175 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22175 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.