Threat Actor: Unknown
Victim: Windows users
Information:
๐ The threat actor is offering a Windows 1-day Local Privilege Escalation (LPE) exploit for sale.
๐ The exploit is identified as CVE-2024-26169 and is categorized as a Windows Error Reporting Service Elevation of Privilege Vulnerability.
๐ The vulnerability allows attackers to gain SYSTEM privileges.
๐ The exploit is compatible with a wide range of Windows operating systems, including Windows 10 to Windows 11 and Windows Servers.
๐ There is no public Proof of Concept (PoC) available for the exploit.
๐ The exploit’s presence on the Microsoft Security Response Center (MSRC) indicates its potential impact.
๐ The sale package includes the full-source code of the PoC.
๐ The initial asking price for the exploit is $10,000, but negotiation is possible.
————————————————–
A threat actor has allegedly surfaced with a lucrative offer: the sale of a Windows 1-day Local Privilege Escalation (LPE) exploit, identified as CVE-2024-26169. This vulnerability, categorized as a Windows Error Reporting Service Elevation of Privilege Vulnerability, presents a significant risk, as it allows attackers to gain SYSTEM privileges.
Notably, the exploit is compatible across a wide range of Windows operating systems, spanning from Windows 10 to Windows 11, including Windows Servers. While thereโs no public Proof of Concept (PoC), the exploitโs presence on the Microsoft Security Response Center (MSRC) indicates its potential impact. The sale package includes the full-source code of the PoC, with an initial asking price of $10,000, although negotiation is possible.
Source: Original Post