Microsoft Vulnerability CVE-2024-6769 Now Public on Fortra.com
September 2024 by Fortra
Global cybersecurity software and solutions provider Fortra has published details about a vulnerability affecting Microsoft systems that allows attackers to escalate privileges from medium to high integrity levels without triggering a User Account Control (UAC) prompt.
The UAC prompt is essential for preventing unauthorized actions by providing a security checkpoint for administrators. However, this exploit removes that safeguard, enabling attackers to execute high-level tasks without detection or administrative approval. This could have significant consequences, particularly in environments where elevated permissions are tightly controlled, such as corporate networks or government systems.
• Impact: Allows unauthorized escalation to high integrity without UAC, introducing serious post-compromise risks
• Affected Systems: Windows 10, Windows 11, Windows Server 2019/2022 (with all updates applied)
• Current Status: Microsoft has not classified this as a vulnerability according to its security criteria, but Fortra urges organizations to be aware of the risks, as this exploit can be used for privilege escalation post-compromise.