Platform
windows
Component
windows-storage
Fixed in
10.0.20348.2402
10.0.22000.2899
10.0.19044.4291
10.0.22621.3447
10.0.19045.4291
10.0.22631.3447
10.0.22631.3447
10.0.25398.830
CVE-2024-29052 describes an Elevation of Privilege vulnerability within Windows Storage. Successful exploitation could allow an attacker to gain elevated privileges on the affected system, potentially leading to unauthorized access and control. This vulnerability impacts Windows versions 10.0.25398.830 and earlier. A security update has been released to address this issue.
This vulnerability allows a local attacker to escalate their privileges. An attacker who has successfully logged into the system could exploit this flaw to gain SYSTEM privileges, effectively taking complete control of the machine. This could involve installing malware, accessing sensitive data, modifying system configurations, or creating new user accounts with administrative rights. The potential blast radius is significant, as a compromised system can be used as a launchpad for further attacks within the network. While no specific real-world exploits have been publicly linked to this CVE yet, similar privilege escalation vulnerabilities have historically been exploited to gain persistent access and compromise entire networks.
CVE-2024-29052 was publicly disclosed on April 9, 2024. Its EPSS score is currently pending evaluation. No public proof-of-concept exploits have been released at the time of writing, but the nature of privilege escalation vulnerabilities makes it a likely target for exploitation. It is not currently listed on the CISA KEV catalog.
Systems administrators and users with administrative privileges are at the highest risk. Environments with legacy Windows configurations or those that have disabled automatic updates are particularly vulnerable. Shared hosting environments where multiple users share the same system could also be impacted, as a compromised user account could potentially be leveraged to escalate privileges.
• windows / supply-chain:
# Process-creation events (4688) from the Security log; requires process-creation auditing to be enabled
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688} | Where-Object { $_.Message -like '*\Storage* privilege*escalation*' }
• windows / supply-chain:
# Running processes whose name contains "storage", with their command lines
Get-CimInstance Win32_Process | Where-Object { $_.Name -like '*storage*' } | Select-Object Name, CommandLine
• windows / supply-chain: Check Autoruns for suspicious entries related to Windows Storage processes.
• windows / supply-chain: Monitor Windows Defender for alerts related to privilege escalation attempts involving Windows Storage components.
Exploit status
EPSS
0.98% (77th percentile)
CVSS vector
The primary mitigation for CVE-2024-29052 is to apply the security update released by Microsoft. Ensure that all affected Windows systems are updated to version 10.0.25398.830 or later as soon as possible. If immediate patching is not feasible due to compatibility concerns or system downtime requirements, consider implementing least privilege principles to limit the potential impact of a successful exploit. This includes restricting user access to only the resources and permissions necessary for their tasks. While a WAF or proxy cannot directly mitigate this local privilege escalation, ensuring robust endpoint detection and response (EDR) solutions are in place is crucial for detecting and responding to suspicious activity following a potential compromise. After upgrade, confirm the update was successful by checking the Windows Update history and verifying the OS build number.
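To verify the OS build number after patching, the following added example (not part of the original page or of Microsoft's guidance) compares the local build and update revision against the "Fixed in" builds listed on this page. The function name `Test-StorageFixApplied` is hypothetical, and reading `CurrentBuildNumber` and `UBR` from the registry is an assumption about how the build is obtained.

```powershell
# Added example: compare this host's build with the "Fixed in" list on this page.
# Key = Windows build number, value = minimum patched update revision (UBR).
$FixedIn = @{
    19044 = 4291
    19045 = 4291
    20348 = 2402
    22000 = 2899
    22621 = 3447
    22631 = 3447
    25398 = 830
}

# Hypothetical helper: returns 'Patched', 'Vulnerable' or 'NotListed'.
function Test-StorageFixApplied {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Ubr
    )
    if (-not $FixedIn.ContainsKey($Build)) {
        # Build is not in the page's list (for example, an out-of-support release):
        # do not report it as safe, flag it for manual review instead.
        return 'NotListed'
    }
    if ($Ubr -ge $FixedIn[$Build]) { return 'Patched' }
    return 'Vulnerable'
}

# Assumption: build and revision are read from the standard CurrentVersion key.
$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    OSBuild  = "10.0.$build.$ubr"
    FixedIn  = if ($FixedIn.ContainsKey($build)) { "10.0.$build.$($FixedIn[$build])" } else { 'n/a' }
    Status   = Test-StorageFixApplied -Build $build -Ubr $ubr
}

# Cross-check against the update history: the five most recently installed updates.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn
```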
Apply the security updates provided by Microsoft for Windows Server 2022. These updates fix the elevation of privilege vulnerability in the Windows Storage component. See the Microsoft security bulletin for further details and specific instructions.
CVE-2024-29052 is a HIGH severity vulnerability in Windows Storage that allows an attacker to gain elevated privileges. It affects versions ≤10.0.25398.830.
You are affected if you are running Windows Storage version 10.0.25398.830 or earlier. Check your system's version to determine if you are vulnerable.
Upgrade to Windows Storage version 10.0.25398.830 or later by applying the security update released by Microsoft. Ensure automatic updates are enabled.
Currently, no public proof-of-concept exploits are known, but the vulnerability's nature suggests potential for future exploitation.
Refer to the Microsoft Security Update Guide for CVE-2024-29052: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052)