Main Vulnerability Database Vulnerabilities #VU95525

#VU95525 Improper access control in Windows and Windows Server - CVE-2024-21302

Published: August 8, 2024

Vulnerability identifier: #VU95525

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-21302

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions within the Virtualization Based Security (VBS) implementation. A local privileged user can circumvent some features of VBS and exfiltrate data protected by VBS, leading to privilege escalation.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302

#VU95525 Improper access control in Windows and Windows Server - CVE-2024-21302

Description

Remediation

External links

Please verify you're human