CISA Known Exploited Vulnerability

CVE-2024-26169 Ransomware

Microsoft · Windows

Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability

Date added 2024-06-13

BOD 22-01 due date 2024-07-04

CWE CWE-269

Ransomware Known

CISA description

Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Required action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Notes & references

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169
https://nvd.nist.gov/vuln/detail/CVE-2024-26169

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2024-26169
CVE.org · CVE-2024-26169
CISA KEV catalog (canonical)