Platform
windows
Component
windows-storage
Fixed in
10.0.20348.2402
10.0.22000.2899
10.0.19044.4291
10.0.22621.3447
10.0.19045.4291
10.0.22631.3447
10.0.25398.830
CVE-2024-29052 describes an Elevation of Privilege vulnerability within Windows Storage. Successful exploitation could allow an attacker to gain elevated privileges on the system. This vulnerability impacts Windows versions 10.0.25398.830 and earlier. A security update has been released to address this issue.
This vulnerability allows a local attacker to escalate their privileges. An attacker could exploit this by crafting a malicious program that leverages the flaw to gain higher-level access to the system. This could lead to unauthorized access to sensitive data, modification of system configurations, or even complete control of the affected machine. The potential impact is significant, particularly in environments where user accounts have limited privileges but access to critical resources is required. Successful exploitation could mimic the impact of privilege escalation vulnerabilities seen in other Windows components, allowing attackers to bypass security controls and gain persistent access.
CVE-2024-29052 was publicly disclosed on April 9, 2024. Its EPSS score is currently pending evaluation. No public proof-of-concept exploits are currently known, but given the nature of privilege escalation vulnerabilities, it is likely that exploits will emerge over time. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.98% (77th percentile)
CVSS Vector
The primary mitigation for CVE-2024-29052 is to apply the security update released by Microsoft. Ensure that your systems are configured to receive automatic updates to minimize the window of vulnerability. If immediate patching is not possible due to compatibility concerns, consider implementing least privilege principles to limit the potential impact of a successful exploit. While no specific WAF rules or proxy configurations can directly prevent this vulnerability, enforcing strict access controls and monitoring for suspicious privilege escalation attempts is recommended. After upgrade, confirm by checking the Windows version number to ensure it is 10.0.25398.830 or later.
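The version check described above, as an added example (not Microsoft's code and not part of the original page): it compares a reported Windows version against the fixed build for the same branch in the "Fixed in" list, so each branch is judged against its own revision. The function names, status labels, host names and sample versions are assumptions constructed for illustration.

```python
# Added example: per-branch patch check against this page's "Fixed in" list.
FIXED_BUILDS = (
    "10.0.20348.2402",
    "10.0.22000.2899",
    "10.0.19044.4291",
    "10.0.22621.3447",
    "10.0.19045.4291",
    "10.0.22631.3447",
    "10.0.25398.830",
)


def _parse(version):
    """Split 'major.minor.build.revision' into (branch, revision)."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected major.minor.build.revision, got {version!r}")
    major, minor, build, revision = map(int, parts)
    return (major, minor, build), revision


# Branch (major, minor, build) -> first revision listed as fixed on this page.
FIXED_BY_BRANCH = dict(_parse(v) for v in FIXED_BUILDS)


def patch_status(version):
    """Return 'patched', 'unpatched' or 'unlisted-branch' for one version string."""
    branch, revision = _parse(version)
    fixed_revision = FIXED_BY_BRANCH.get(branch)
    if fixed_revision is None:
        # Branch is not in the page's list: check the vendor advisory instead.
        return "unlisted-branch"
    return "patched" if revision >= fixed_revision else "unpatched"


def audit(inventory):
    """Map each host in {host: version} to its patch status."""
    return {host: patch_status(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {
        "srv-01": "10.0.20348.2402",
        "wks-17": "10.0.19045.4170",
        "wks-23": "10.0.22631.3593",
        "old-02": "10.0.17763.5696",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```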
Apply the security updates provided by Microsoft for Windows Server 2022. These updates fix the elevation of privilege vulnerability in the Windows Storage component. See the Microsoft security bulletin for further details and specific instructions.
CVE-2024-29052 is a HIGH severity vulnerability in Windows Storage that allows an attacker to gain elevated privileges. It affects versions ≤10.0.25398.830.
You are affected if you are running Windows Storage version 10.0.25398.830 or earlier. Check your system's version to determine if you are vulnerable.
Upgrade to Windows Storage version 10.0.25398.830 or later by applying the security update released by Microsoft. Ensure automatic updates are enabled.
Currently, no public proof-of-concept exploits are known, but the vulnerability's nature suggests potential for future exploitation.
Refer to the Microsoft Security Update Guide for CVE-2024-29052: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052)