CVE-2024-26169
Published Mar 12, 2024
Last updated 9 months ago
AI description
CVE-2024-26169 is an elevation of privilege vulnerability affecting the Windows Error Reporting (WER) service. It stems from improper privilege management within the WER service, which could allow a local attacker with user permissions to gain elevated, SYSTEM-level privileges. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, install programs, view, change, or delete data, or create new accounts with full user rights. The Black Basta ransomware group has been observed actively exploiting this vulnerability.
- Description
- Windows Error Reporting Service Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_11_23h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
- Exploit added on
- Jun 13, 2024
- Exploit action due
- Jul 4, 2024
- Required action
- Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
- secure@microsoft.com
- CWE-269
- nvd@nist.gov
- NVD-CWE-noinfo
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
12
Actively exploited CVE : CVE-2024-26169
@transilienceai
9 Sept 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +25.40% - CVE-2023-20269 (ASA..) +24.24% - CVE-2023-20269 (FTD..) +24.24% - CVE-2024-26169 (Windows Error R..) +9.58% - CVE-2022-27510 (NetScaler ADC..) +6.76%
@DefusedCyber
8 Sept 2025
5121 Impressions
9 Retweets
43 Likes
18 Bookmarks
2 Replies
2 Quotes
Actively exploited CVE : CVE-2024-26169
@transilienceai
8 Sept 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-26169
@transilienceai
6 Sept 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-26169
@transilienceai
5 Sept 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C9C29C6-636E-4023-88E0-8A8C4DDD3FA4",
"versionEndExcluding": "10.0.10240.20526"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4",
"versionEndExcluding": "10.0.14393.6796"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34",
"versionEndExcluding": "10.0.14393.6796"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853",
"versionEndExcluding": "10.0.17763.5576"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5",
"versionEndExcluding": "10.0.17763.5576"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D",
"versionEndExcluding": "10.0.17763.5576"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CA95D8E-CAD9-4D07-AE35-36D83D546AA8",
"versionEndExcluding": "10.0.19044.4170"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "968B931A-18E6-4425-B326-5A02C0B93A08",
"versionEndExcluding": "10.0.19045.4170"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D08CEC8B-343C-486E-B6FA-F4D60ACF7E63",
"versionEndExcluding": "10.0.22000.2836"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A",
"versionEndExcluding": "10.0.22621.3296"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C",
"versionEndExcluding": "10.0.22631.3296"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292",
"versionEndExcluding": "10.0.17763.5576"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F08760C-CF31-4507-8CBD-21A2FEAE478C",
"versionEndExcluding": "10.0.20348.2333"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763"
}
],
"operator": "OR"
}
]
}
]