PT-2025-20563 · Avg · Avg Tuneup

Published: 2025-05-09 · Updated: 2025-07-29 · CVE-2024-13960

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AVG TuneUp version 23.4 (build 15592)

Description

The issue allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM by creating a symbolic link and leveraging a time-of-check to time-of-use (TOCTTOU) attack against the TuneUp Service in AVG TuneUp on Windows 10.

Recommendations

For AVG TuneUp version 23.4 (build 15592), consider disabling the TuneUp Service as a temporary workaround until a patch is available. Restrict access to the TuneUp Service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Link Following

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

CVE-2024-13960
ZDI-25-707

Affected Products

Avg Tuneup