#CVE202438014

About that Windows Installer ‘make me admin’ security hole. Here’s how it’s exploited

by

September 12, 2024 at 07:39AM Microsoft warned users of a Windows Installer flaw, CVE-2024-38014, allowing for SYSTEM-level privilege escalation via an .msi file, exploited in the wild. Security firm SEC Consult disclosed the flaw and released msiscan, an open source tool to detect vulnerable files. Microsoft patched the vulnerability in its latest Patch Tuesday update … Read more

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

by

September 11, 2024 at 03:45AM Microsoft disclosed three new security flaws impacting the Windows platform, with 79 vulnerabilities addressed in the September 2024 Patch Tuesday update. Seven are rated Critical, 71 Important, and one Moderate. Exploited vulnerabilities include CVE-2024-38014, CVE-2024-38217, and CVE-2024-38226. Additional security updates were released by various vendors to address vulnerabilities. Based on … Read more