CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-26229

High Severity
Microsoft
SVRS
50/100
CVSSv3
7.8/10
EPSS
0.82748/1

CVE-2024-26229 is a critical Windows CSC Service Elevation of Privilege vulnerability. This flaw allows an attacker to gain elevated privileges on a compromised system. The CVSS score is 7.8, but the SOCRadar Vulnerability Risk Score (SVRS) is 50, indicating a moderate level of risk and immediate patching. An attacker could use this vulnerability to execute arbitrary code with elevated permissions, potentially gaining full control over the affected system. The presence of active exploits makes this vulnerability especially dangerous. This is a significant concern because successful exploitation can lead to data breaches, system compromise, and further malicious activity. The fact that it's tagged as "Exploit Available" and "In The Wild" further raises the urgency.

TAGS
In The Wild
Exploit Avaliable
Vendor-advisory
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:L
UI:N
S:U
C:H
I:H
A:H
E:U
RL:O
RC:C
PUBLICATION DATE2025-05-03
LAST MODIFIED2024-04-09
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-26229 is a Windows CSC Service Elevation of Privilege Vulnerability that allows attackers to gain elevated privileges on affected systems. The vulnerability has a CVSS score of 7.8, indicating a high severity level. However, SOCRadar's unique 'SOCRadar Vulnerability Risk Score' (SVRS) assigns a score of 50, indicating a moderate risk level. This difference in scoring highlights the importance of considering additional factors beyond CVSS when assessing the severity of vulnerabilities.

Key Insights

  • Active Exploits: Active exploits have been published for this vulnerability, indicating that attackers are actively exploiting it in the wild.
  • Threat Actors: Specific threat actors or APT groups exploiting this vulnerability have not been identified at this time.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In The Wild: The vulnerability is actively exploited by hackers, making it a high-priority threat.

Mitigation Strategies

  • Apply Software Updates: Install the latest security updates from Microsoft to patch the vulnerability.
  • Disable CSC Service: Disable the CSC service if it is not required for business operations.
  • Restrict Privileges: Implement least privilege principles to limit the impact of potential exploits.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity that may indicate exploitation attempts.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
RalfHacker/CVE-2024-26229-exploithttps://github.com/RalfHacker/CVE-2024-26229-exploit2024-06-11
0XJ175/DRivehttps://github.com/0XJ175/DRive2024-06-13
Cracked5pider/eop24-26229https://github.com/Cracked5pider/eop24-262292024-08-04
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-26229 | Microsoft Windows up to Server 2022 23H2 CSC Service heap-based overflow
vuldb.com2025-01-09
CVE-2024-26229 | Microsoft Windows up to Server 2022 23H2 CSC Service heap-based overflow | A vulnerability was found in Microsoft Windows. It has been classified as critical. Affected is an unknown function of the component CSC Service. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-26229. The attack needs to be approached locally. Furthermore, there is
vuldb.com
rss
forum
news
Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Nikolaos Pantazopoulos2024-11-20
Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms | IntroductionDiscovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods, and a set of privilege escalation exploits. For these reasons, according to other researchers, Raspberry Robin has been used by many different threat actors to deploy other malware families
securityboulevard.com
rss
forum
news
The April 2024 Security Updates Review
Dustin Childs2024-04-09
The April 2024 Security Updates Review | It’s the second Tuesday of the month, and Adobe and Microsoft have released a fresh crop of security updates. Take a break from your other activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for April 2024For April, Adobe released nine patches addressing
cve-2024-28917
cve-2024-28926
cve-2024-26217
cve-2024-28943

Social Media

@anthemtotheego @q8fawazo @memN0ps @trickster012 @0xBoku the only time i truly tried writing C++ was for my VM plugin to execute the CVE-2024-26229 exploit. Had to use a bunch of templates to host win32 call to VM from the plugin code. 😮‍💨 https://t.co/bkQ0jLAJuB
1
0
1
With patch-diff , at April, i found the fix about CVE-2024-26229 is wrong due to length check is under Non-persistent feature , so i report as patch bypass . but MSRC told me is not , because it need some integrity. And this patch-thuesday , they finally fix it as reported.😂 https://t.co/kpejRnpYpy
0
1
5
#Vulnerability #bufferoverflow CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub https://t.co/FAicUuGWAk
0
0
0
🚀 New Module Alert! 🚀 We're excited to introduce our latest ATTACKIFY module targeting CVE-2024-26229, a vulnerability in the Windows CSC Service. 🔍 Key Features: - Test & Validate Security Controls: Focus on local privilege escalation detection & prevention. - Real-World https://t.co/YnlhFODCEu
0
1
2
CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub - https://t.co/srEFe6xtSk
0
0
0
Exploit for Windows Elevation of Privilege Vulnerability (CVE-2024-26229) Now Available on GitHub, Utilize at Your Own Risk. Details: https://t.co/7e1lEqRSKx #cybersecurity #infosec #infosecurity
0
0
0
CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub https://t.co/ykkAVrizPl
0
1
7
BOF implementations of CVE-2024-26229 for Cobalt Strike and BruteRatel https://t.co/wY32F6T3Ju #Pentesting #CyberSecurity #Infosec https://t.co/TSkmiqsbMG
0
1
6
RT @cyber_advising: CVE-2024-26229: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. PoC https://t.…
0
101
0
CVE-2024-26229: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code in the csc.sys driver https://t.co/36tHjTaDEZ https://t.co/B7Iq1zU4lm
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSMicrosoftwindows_10_1507
OSMicrosoftwindows_10_1809
OSMicrosoftwindows_10_1607
OSMicrosoftwindows_10_21h2
OSMicrosoftwindows_server_2022
OSMicrosoftwindows_11_21h2
OSMicrosoftwindows_11_23h2
OSMicrosoftwindows_11_22h2
OSMicrosoftwindows_server_2016
OSMicrosoftwindows_10_22h2
OSMicrosoftwindows_server_2019
OSMicrosoftwindows_server_2012
OSMicrosoftwindows_server_2008
OSMicrosoftwindows_server_2022_23h2

References

ReferenceLink
SECURE@MICROSOFT.COMhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229
AF854A3A-2127-422B-91AE-364DA2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229
SECURE@MICROSOFT.COMhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229
WINDOWS CSC SERVICE ELEVATION OF PRIVILEGE VULNERABILITYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229
WINDOWS CSC SERVICE ELEVATION OF PRIVILEGE VULNERABILITYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229

CWE Details

CWE IDCWE NameDescription
CWE-122Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence