CVE-2024-26229

Name of the Vulnerable Software and Affected Versions Windows CSC Service (affected versions not specified)

Description The issue is related to an elevation-of-privilege vulnerability in the Windows CSC Service, which can be exploited due to improper address validation in IOCTL with METHOD NEITHER I/O Control Code in the csc.sys driver. This vulnerability allows attackers to gain SYSTEM privileges. A proof-of-concept (PoC) exploit has been released on GitHub. The vulnerability was initially considered to have a lower criticality, but the release of the exploit has increased its criticality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.