CVE-2024-49126

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 416
CWE ID 591

Summary

CVE-2024-49126 is a newly disclosed vulnerability that affects the Windows Local Security Authority Subsystem Service (LSASS). This issue grants an attacker the ability to remotely execute code on a targeted system. The LSASS service is a critical component of Windows security, responsible for managing local and domain security policies and authentication. An attacker can exploit this vulnerability by sending specially crafted messages to the LSASS service, leading to code execution at the highest privilege level. Successful exploitation could result in the installation of malware, unauthorized access, or system takeover. Windows users are advised to apply patches or updates as soon as they become available to mitigate this risk.

Affected Products

  • Microsoft Windows 11
  • Microsoft Windows Server 2008
  • Microsoft Windows
  • Microsoft Windows Server

Affected Vendors

  • Microsoft