CVE-2024-26169 | THREATINT

Description

Windows Error Reporting Service Elevation of Privilege Vulnerability

Reserved 2024-02-14 | Published 2024-03-12 | Updated 2025-05-03 | Assigner microsoft

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA Known Exploited Vulnerability

Date added 2024-06-13 | Due date 2024-07-04

Known Ransomware Campaign(s)

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Problem types

CWE-269: Improper Privilege Management

Product status

10.0.17763.0 before 10.0.17763.5576

affected

10.0.0 before 10.0.17763.5576

affected

10.0.17763.0 before 10.0.17763.5576

affected

10.0.17763.0 before 10.0.17763.5576

affected

10.0.20348.0 before 10.0.20348.2340

affected

10.0.0 before 10.0.22000.2836

affected

10.0.19043.0 before 10.0.19044.4170

affected

10.0.22621.0 before 10.0.22621.3296

affected

10.0.19045.0 before 10.0.19045.4170

affected

10.0.22631.0 before 10.0.22631.3296

affected

10.0.22631.0 before 10.0.22631.3296

affected

10.0.25398.0 before 10.0.25398.763

affected

10.0.10240.0 before 10.0.10240.20526

affected

10.0.14393.0 before 10.0.14393.6796

affected

10.0.14393.0 before 10.0.14393.6796

affected

10.0.14393.0 before 10.0.14393.6796

affected

6.3.9600.0 before 6.3.9600.21871

affected

6.3.9600.0 before 6.3.9600.21871

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169 (Windows Error Reporting Service Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2024-26169)

nvd.nist.gov (CVE-2024-26169)

Download JSON