CVE-2024-49126
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-49126 is a newly disclosed vulnerability that affects the Windows Local Security Authority Subsystem Service (LSASS). This issue grants an attacker the ability to remotely execute code on a targeted system. The LSASS service is a critical component of Windows security, responsible for managing local and domain security policies and authentication. An attacker can exploit this vulnerability by sending specially crafted messages to the LSASS service, leading to code execution at the highest privilege level. Successful exploitation could result in the installation of malware, unauthorized access, or system takeover. Windows users are advised to apply patches or updates as soon as they become available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows 11
- Microsoft Windows Server 2008
- Microsoft Windows
- Microsoft Windows Server
Affected Vendors
- Microsoft