CVE-2024-38014 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Installer Improper Privilege Management Vulnerability

Exploit added

September 10, 2024

Action due

October 1, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows Installer Elevation of Privilege Vulnerability

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014

Weakness Enumeration

CWE-ID	CWE Name
CWE-269	Improper Privilege Management

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.709:::::::*
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5329::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.3007::::::arm64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.643:::::::*
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.3007::::::x64:
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5329:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.25398.643:::::::*
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930::::::x64:
cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.2713::::::arm64:
cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.2713::::::x64:
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6614:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:::::::*
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007:::::::*
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20402::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930::::::arm64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6614::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6614::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20402::::::x86:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.531::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.521::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.584::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:-::::::x64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.261::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251::::datacenter::x64:*

Details

Source:
NVD

Published:
September 10, 2024

Updated:
September 12, 2024

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined