PT-2024-34347 · Microsoft · Windows

Daniel Hirschberger +2 · Published 2024-11-08 · Updated 2024-11-08 · CVE-2024-50592

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Elefant versions prior to 1.4.2.1811
Description: An attacker with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When the repair function is used, the service queries the server for a list of files and their hashes; the response also includes instructions to execute binaries that finalize the repair process. These executables are run as "NT AUTHORITY\SYSTEM" after they have been copied to the user-writable installation folder. A user can therefore overwrite either PostESUUpdate.exe or Update OpenJava.exe in the window between the copy and the execution of the final repair step, and the overwritten executable is then run as "NT AUTHORITY\SYSTEM".
Recommendations: For Elefant versions prior to 1.4.2.1811, upgrade to version 1.4.2.1811 or later to mitigate the risk of local privilege escalation. As a temporary workaround, consider restricting access to the Elefant Update Service or disabling the execution of PostESUUpdate.exe and Update OpenJava.exe until a patch is applied. Avoid using the repair function until the issue is resolved.
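
To check whether a host still has the precondition described above (an installation folder or finalizer executables writable by non-administrative users), the following PowerShell audit can be used. It is an added example, not code from the vendor or the advisory; `$InstallDir` is a placeholder because the advisory does not state the installation path, and the list of trusted SIDs is an assumption to adjust per environment.

```powershell
# Added example: report non-administrative principals with write access to the
# Elefant installation folder and to the two executables named in the advisory.
param(
    [string]$InstallDir = 'C:\PATH\TO\Elefant'   # placeholder: set to the real folder
)

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Installation folder not found: $InstallDir"
}

$targets = @(
    $InstallDir,
    (Join-Path $InstallDir 'PostESUUpdate.exe'),
    (Join-Path $InstallDir 'Update OpenJava.exe')
)

# Principals expected to hold write access (assumption). SIDs are used instead
# of names so the check also works on localized Windows installations.
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow creating, replacing or re-permissioning a file.
$rights    = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = [int]$rights -bor 0x10000000 -bor 0x40000000   # plus GENERIC_ALL, GENERIC_WRITE
$sidType   = [System.Security.Principal.SecurityIdentifier]
$inhOnly   = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$findings = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $acl = Get-Acl -LiteralPath $path
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow')                    { continue }
        if ($rule.PropagationFlags -band $inhOnly)                  { continue } # does not apply to this object itself
        if ($trusted -contains $rule.IdentityReference.Value)       { continue }
        if (([int]$rule.FileSystemRights -band $writeBits) -eq 0)   { continue }
        [pscustomobject]@{
            Path   = $path
            Sid    = $rule.IdentityReference.Value
            Rights = $rule.FileSystemRights
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
'No write access for non-administrative principals found.'
```

A finding here means the race window described in the advisory is reachable by that principal on versions prior to 1.4.2.1811; tightening the ACL narrows exposure but does not replace the upgrade.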

Fix

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers: CVE-2024-50592

Affected Products: Windows