CVE-2024-38014 - Microsoft Windows Installer Improper Privilege Management Vulnerability

Project:Microsoft

Product:Windows

Date Added:2024-09-10Due Date:2024-10-01Last Updated:June 21, 2025

Vulnerability Name

Microsoft Windows Installer Improper Privilege Management Vulnerability

Description

Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014

https://nvd.nist.gov/vuln/detail/CVE-2024-38014

Related News Articles

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows FlawsSeptember 11, 2024

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixesSeptember 10, 2024

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flawsSeptember 10, 2024

Related Weaknesses