CVE-2024-43457 — Unquoted Search Path or Element in Microsoft Windows 11 Version 24h2

CWE-428 — Unquoted Search Path or Element8 documents6 sources

Severity

7.8HIGHNVD

EPSS

2.7%

top 14.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 11 Version 24h2 Microsoft Windows 11 24h2 Msrc Windows 11 Version 24h2 FOR Arm64-based Systems +1 more

Timeline

PublishedSep 10

Description

Windows Setup and Deployment Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmicrosoft/windows_11_24h2< 10.0.26100.1742

▶CVEListV5microsoft/windows_11_version_24h210.0.26100.0 — 10.0.26100.1742

▶msrcmsrc/windows_11_version_24h2_for_x64-based_systems

▶msrcmsrc/windows_11_version_24h2_for_arm64-based_systems

Patches

Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-h59m-8f5f-h863: Windows Setup and Deployment Elevation of Privilege Vulnerability↗2024-09-10

▶

📋Vendor Advisories

Microsoft

Windows Setup and Deployment Elevation of Privilege Vulnerability↗2024-09-10

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws↗2024-09-10

▶

Trendmicro

The September 2024 Security Update Review↗2024-09-10

▶

Qualys

Microsoft and Adobe Patch Tuesday, September 2024 Security Update Review↗2024-09-10

▶

Qualys

Microsoft & Adobe September 2024 Security Update Review | Qualys↗2024-09-10

▶

Trendmicro

The September 2024 Security Update Review↗2024-09-10

▶