Man
Professional
- Messages
- 3,070
- Reaction score
- 606
- Points
- 113
Security updates affect Windows 10, 11 and server versions.
Microsoft has released updates for a number of Windows products, eliminating the CVE-2024-43629 vulnerability identified by a specialist from the Positive Technologies Security Expert Center. The updates cover Windows 10, Windows 11, as well as server versions - Windows Server 2025, Windows Server 2022 and Windows Server 2019. The vulnerability has a CVSS 3.1 score of 7.8, which indicates a high level of severity.
A Positive Technologies expert explained that this type of vulnerability — LPE (Local Privilege Escalation) — allows an attacker who gains access to the victim's device to escalate privileges, which can lead to system hijacking and further development of the attack. The vulnerability was discovered as part of a regular analysis of popular applications, and information about it was promptly transferred to the developer as part of responsible disclosure. Microsoft fixed the issue in a short time, and users are urged to install updates as soon as possible.
The vulnerability could allow an attacker to escalate user privileges to the system level. In the experience of PT Expert Security Center, this technique is used by attackers to gain access to the most critical components of the system and, as a rule, is a necessary stage for the further development of the attack.
Earlier, in 2017, PT Expert Security Center also discovered and helped Microsoft fix a similar vulnerability (CVE-2017-0263) in Windows 10 and earlier. At that time, the vulnerability was used by attackers in phishing emails identified during the monitoring of cyberthreats. This flaw allowed attackers to gain maximum privileges on workstations and servers running Windows 10, 8.1, 7, Server 2008, Server 2012, and Server 2016. To exploit the vulnerability, attackers first had to log in.
Source
Microsoft has released updates for a number of Windows products, eliminating the CVE-2024-43629 vulnerability identified by a specialist from the Positive Technologies Security Expert Center. The updates cover Windows 10, Windows 11, as well as server versions - Windows Server 2025, Windows Server 2022 and Windows Server 2019. The vulnerability has a CVSS 3.1 score of 7.8, which indicates a high level of severity.
A Positive Technologies expert explained that this type of vulnerability — LPE (Local Privilege Escalation) — allows an attacker who gains access to the victim's device to escalate privileges, which can lead to system hijacking and further development of the attack. The vulnerability was discovered as part of a regular analysis of popular applications, and information about it was promptly transferred to the developer as part of responsible disclosure. Microsoft fixed the issue in a short time, and users are urged to install updates as soon as possible.
The vulnerability could allow an attacker to escalate user privileges to the system level. In the experience of PT Expert Security Center, this technique is used by attackers to gain access to the most critical components of the system and, as a rule, is a necessary stage for the further development of the attack.
Earlier, in 2017, PT Expert Security Center also discovered and helped Microsoft fix a similar vulnerability (CVE-2017-0263) in Windows 10 and earlier. At that time, the vulnerability was used by attackers in phishing emails identified during the monitoring of cyberthreats. This flaw allowed attackers to gain maximum privileges on workstations and servers running Windows 10, 8.1, 7, Server 2008, Server 2012, and Server 2016. To exploit the vulnerability, attackers first had to log in.
Source
