CVE-2024-20135
CVSS 3.1 Score 6.7 of 10 (medium)
Details
Summary
CVE-2024-20135 is a newly disclosed vulnerability affecting Microsoft's soundtrigger component. The issue involves a missing bounds check, which can result in an out-of-bounds write. This type of vulnerability can lead to local privilege escalation, allowing an attacker to gain System-level execution rights without requiring user interaction. The vulnerability, identified as ALPS09142526 and MSV-1841, requires immediate attention, as successful exploitation can significantly compromise the affected system. Users are strongly advised to install the available patch as soon as possible to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.