CVE-2022-24767

Name of the Vulnerable Software and Affected Versions Git for Windows versions prior to 2.35.2

Description The issue is related to a DLL hijacking vulnerability in the uninstaller of Git for Windows when run under the SYSTEM user account. This vulnerability is due to an uncontrolled search path element when loading DLL libraries, which can be exploited by an attacker to elevate privileges using specially crafted malicious files with the .dll extension. The default system settings for TMP and TEMP point to C:WindowsTemp, a world-writable folder, allowing any authenticated user to place malicious .dll files that are loaded when the uninstaller is run via the SYSTEM account.

Recommendations For versions prior to 2.35.2, consider upgrading to Git for Windows v2.35.2 or newer to resolve the issue. As a temporary workaround, override the SYSTEM's TMP environment variable to point to a directory exclusively under SYSTEM's control before running the uninstaller. Alternatively, clear C:WindowsTemp of all .dll files before running the uninstaller. Another option is to run the uninstaller under an admin account rather than the SYSTEM account as a workaround.