September 12, 2024 at 07:39AM
Microsoft warned users of a Windows Installer flaw, CVE-2024-38014, allowing for SYSTEM-level privilege escalation via an .msi file, exploited in the wild. Security firm SEC Consult disclosed the flaw and released msiscan, an open source tool to detect vulnerable files. Microsoft patched the vulnerability in its latest Patch Tuesday update after a delay.
Based on the meeting notes, the key takeaways are:
– Microsoft alerted users to a vulnerability in Windows Installer that allows attackers to gain SYSTEM-level privileges on a PC.
– The vulnerability, identified as CVE-2024-38014, was disclosed by security shop SEC Consult, and an open source tool called “msiscan” has been developed to scan for exploitable Installer files.
– Microsoft has released a patch to address the vulnerability, but there may be a significant number of users who have not yet applied the patch.
– The exploit involves a complex process where a low privileged user opens an Installer package to repair some already-installed code on a vulnerable Windows system, which can be abused to elevate local privileges.
Admin access is required to manually check each installer package for exploitation, making the msiscan tool a valuable resource for identifying and addressing the vulnerability.
It is important for users to apply the Microsoft patch to protect their systems from potential exploitation.