CVE-2024-50592
CVSS 3.1 Score 7.0 of 10 (high)
Details
Summary
CVE-2024-50592 is a newly disclosed vulnerability that allows an attacker with local access to a medical office computer to escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" level. This is accomplished by exploiting a race condition in the Elefant Update Service during the repair or update process. When the repair function is initiated, the service queries the server for a list of files and their hashes, and also includes instructions to execute binaries to finalize the repair process. These executables are copied over to the user-writable installation folder (C:\Elefant1) and executed as "NT AUTHORITY\SYSTEM" after they are copied. An attacker can take advantage of this time frame to overwrite either "PostESUUpdate.exe" or "Update_OpenJava.exe", and the overwritten executable will then be executed as "NT AUTHORITY\SYSTEM", granting the attacker elevated privileges.
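The precondition described above is that non-administrative users can write to the installation folder. The following PowerShell audit is an added example, not code from the vendor or the advisory: it lists every allow ACE on `C:\Elefant1` and the two named executables that grants write-type rights to a principal outside a trusted set. The trusted SID list and the function name `Get-UntrustedWriteAce` are assumptions made for this example.

```powershell
# Added audit example (not vendor code). Path and file names come from the advisory text.
$InstallDir = 'C:\Elefant1'
$Targets    = @('PostESUUpdate.exe', 'Update_OpenJava.exe')

# Assumption: only these principals are expected to hold write access.
$TrustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Bits that allow replacing or planting a file. Modify and FullControl are not named
# because they also contain read bits; their write bits are matched by this mask.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic rights instead of file-specific ones.
$WriteBits = $WriteBits -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Request SIDs so the check works regardless of the Windows display language.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $sid)        { continue }
        if (([int]$ace.FileSystemRights -band $WriteBits) -eq 0) { continue }
        # Resolve a readable name; fall back to the SID for orphaned accounts.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }
        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# The executables may only exist during a repair or update, so skip missing paths.
$paths    = @($InstallDir) + ($Targets | ForEach-Object { Join-Path $InstallDir $_ })
$findings = $paths | Where-Object { Test-Path -LiteralPath $_ } |
            ForEach-Object { Get-UntrustedWriteAce -Path $_ }

if ($findings) { $findings | Format-Table -AutoSize }
else           { 'No write access for non-administrative principals found.' }
```

Any row returned for the folder itself means a standard user can create or replace files there, which is the condition the race depends on.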