CVE-2024-43590: Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Oct

Released

2024-10-08

Last Updated

2024-10-09

EPSS Score

0.66% (percentile: 71.2%)

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the NT AUTHORITY\SYSTEM account.

Affected Products (7)

Developer Tools

• Visual C++ Redistributable Installer
• Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
• Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
• Microsoft Visual Studio 2022 version 17.6
• Microsoft Visual Studio 2022 version 17.8
• Microsoft Visual Studio 2022 version 17.10
• Microsoft Visual Studio 2022 version 17.11

Security Updates (7)

• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes

Acknowledgments

<a href="https://medium.com/@spoppi">Sandro Poppi</a>

Revision History

• 2024-10-08: Information published.
• 2024-10-09: Updated FAQ information. This is an informational change only.