CVE-2024-26238
published 2024-05-14CVE-2024-26238: Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.73%
49.4th percentile
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_21h2 | < 10.0.19044.4412 | 10.0.19044.4412 |
| microsoft | windows_10_22h2 | < 10.0.19045.4412 | 10.0.19045.4412 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.4412 | 10.0.19044.4412 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.4412 | 10.0.19045.4412 |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_22h2_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5977-vhpg-p3hq: Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
ghsa_unreviewed·2024-05-14
CVE-2024-26238 [HIGH] CWE-59 GHSA-5977-vhpg-p3hq: Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
Microsoft
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
vendor_msrc·2024-05-14·CVSS 7.8
CVE-2024-26238 [HIGH] CWE-59 Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: How do I protect myself from this vulnerability?
Customers running Windows 10 version 2004 through 20H2 need to have KB 5001716 installed to be protected from this vulnerability. This update will be downloaded and installed automatically from Windows update on all in-support versions of Windows 10. It is also offered to Windows Update Client for some devices that have not installed the most recent updates. If you are running a version of Windows10 that has reached the end of its support lifecycle, or if you have not installe
No detection rules found.
No public exploits indexed.
Trendmicro
The May 2024 Security Update Review
blogs_trendmicro·2024-05-14·CVSS 7.8
[HIGH] The May 2024 Security Update Review
# The May 2024 Security Update Review
Get the May 2024 security update and review.
By: Dustin Childs
2024/05/14
Read time: ( words)
Save to Folio
Welcome to the second Tuesday of May. As expected, Adobe and Microsoft have released their standard bunch of security patches. Take a break from your regular activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Apple Patches for May 2024
Apple kicked off the May release cycle with a group of updates for their macOS and iOS platforms. Most notable is a fix for CVE-2024-23296 for iOS 16.7.8 and iPadOS 16.7.8. This vulnerability is a memory corruption issue in RTKit that could allow attackers to bypass kernel memory protec
Trendmicro
The May 2024 Security Update Review
blogs_trendmicro·2024-05-14·CVSS 7.8
[HIGH] The May 2024 Security Update Review
## The May 2024 Security Update Review
Get the May 2024 security update and review.
By: Dustin Childs 2024/05/14 Read time: ( words)
Save to Folio
Welcome to the second Tuesday of May. As expected, Adobe and Microsoft have released their standard bunch of security patches. Take a break from your regular activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Apple Patches for May 2024
Apple kicked off the May release cycle with a group of updates for their macOS and iOS platforms. Most notable is a fix for CVE-2024-23296 for iOS 16.7.8 and iPadOS 16.7.8 . This vulnerability is a memory corruption issue in RTKit that could allow attackers to bypass kernel memory prote
Bleepingcomputer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
blogs_bleepingcomputer·2024-05-14·CVSS 8.8
[HIGH] Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
## Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
## Lawrence Abrams
17 Elevation of Privilege Vulnerabilities
2 Security Feature Bypass Vulnerabilities
27 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
4 Spoofing Vulnerabilities
The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four fixed on May 10th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5037771 cumulative update and the Windows 10 KB5037768 update .
## Three zero-days fixed
This month's Patch Tuesday fixes two actively exploited and one publicly disclosed zero-day vulnerabilities.
Microsoft classifies a zero-day as a flaw
2024-05-14
Published