This September's release of CVE-2024-38014 mitigates an entire class of LPE ...

2024-09-13 18:12:32

This September's release of CVE-2024-38014 mitigates an entire class of LPE vulnerabilities on Windows. 🎉

That is, prior to this update, a non-admin user can trigger an MSI repair operation, which might do some unsafe things with SYSTEM privileges.

After this update, such MSI files will prompt the user for admin credentials.
https://sec-consult.com/blog/detail/msi-installer-repair-to-system-a-detailed-journey/

Author Public Key

npub12xhpqz0ygq7cy87pcyhpf06tgr0yf37uv9mcnzzqeg00n70tca5q0vzxeq

Show more details

Will Dormann on Nostr: This September's release of CVE-2024-38014 mitigates an entire class of LPE ...