PT-2024-9605 · Microsoft · Update Catalog

Jonathan Birch · Published 2024-12-12 · Updated 2025-02-21 · CVE-2024-49147

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Microsoft Update Catalog has a critical issue related to the deserialization of untrusted data, which allows an unauthorized attacker to elevate privileges on the website's webserver. No specific versions of the software are mentioned as being affected, and Microsoft has taken action to patch the issue. An exploit is available, and more information can be found at the provided links.
The severity of this issue is increased, and Microsoft acted fast to patch it.

Fix

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

BDU:2024-11315
CVE-2024-49147

Affected Products

Update Catalog