CVE-2024-26213 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
CVE-2024-26213	Microsoft Brokering File System Elevation of Privilege Vulnerability	Microsoft Windows Server	Important	23-04-2024

Technical Information

After satisfying multiple conditions, a low privileged attacker could elevate their privileges and execute code, access resources, delete targeted file on the system and could oerwrite arbitrary file content in the security context of the local system.

Patch release date: Apr 09, 2024
Further information on this vulnerability is available at : CVE-2024-26213

All the mentioned vulnerabilities are reported in same windows brokering file system and may have same impact.

CVE-2024-28904:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-28904

CVE-2024-28905:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-28905

CVE-2024-28907:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-28904

Affected Software

Windows Server 2022, 23H2 Edition (Server Core installation)