PT-2024-2247 · Microsoft · Windows Error Reporting Service+1

Naceri · Published 2024-03-12 · Updated 2025-09-17 · CVE-2024-26169

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Error Reporting Service versions prior to the fixed version in Microsoft's March Patch Tuesday

Description

The issue is related to improper privilege management in the Windows Error Reporting Service, allowing an attacker to elevate their privileges. The Black Basta ransomware group is suspected of exploiting this vulnerability as a zero-day before a fix was made available. Symantec researchers found an exploit for this bug compiled three months before Microsoft's official patch. The vulnerability was added to CISA KEV, and it is recommended to patch systems promptly to prevent exploitation.

Recommendations

For versions prior to the fixed version in Microsoft's March Patch Tuesday, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the Windows Error Reporting Service to minimize the risk of exploitation.

Fix

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2024-02180
CVE-2024-26169

Affected Products

Windows
Windows Error Reporting Service