CVE-2024-6769

Summary

A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 1010.0.0affected
MicrosoftWindows 1110.0.0affected
MicrosoftWindows Server 201610.0.0affected
MicrosoftWindows Server 201910.0.0affected
MicrosoftWindows Server 202210.0.0affected

Weaknesses

  • CWE-426: CWE-426 Untrusted Search Path
  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

References