CVE-2024-38014

Name of the Vulnerable Software and Affected Versions Microsoft Windows Installer (affected versions not specified)

Description The Windows Installer component contains a flaw in access control management. Successful exploitation of this issue could allow an attacker to elevate privileges to the SYSTEM level. This issue is actively being exploited in real-world attacks. The vulnerability involves improper privilege management within the repair functions of Microsoft Windows MSI installers, potentially allowing local attackers to escalate privileges. The msiscan tool is available to identify potentially vulnerable MSI installers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.