CVE-2024-50591

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 8, 2024
CWE ID 77

Summary

CVE-2024-50591 is a newly identified vulnerability that grants local attackers elevated privileges on medical office computers. By exploiting a command injection flaw in the Elefant Update Service, an adversary can inject malicious commands and execute them as the powerful "NT AUTHORITY\SYSTEM" account. The vulnerability is exploited through Windows Named Pipes, which carry the communication between the Elefant Software Updater (ESU) service and its tray client. The ESU service, which runs as "NT AUTHORITY\SYSTEM", and the client, which operates with the permissions of the logged-on user, exchange data over these named pipes. A specially crafted message of type "MessageType.SupportServiceInfos" sent to the local ESU service is what injects the commands.