CISA confirms Windows privilege escalation flaw has been exploited

US cybersecurity agency also added a recently disclosed Google Pixel flaw to its list of exploited vulnerabilities

clock • 1 min read
CISA confirms Windows privilege escalation flaw has been exploited
Image:

CISA confirms Windows privilege escalation flaw has been exploited

The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that a Microsoft Windows privilege escalation vulnerability has seen exploitation in attacks.

The vulnerability (tracked at CVE-2024-26169) has been tied to attacks by the Black Basta ransomware gang by researchers at Symantec. The Windows Error Reporting Service Improper Privilege Manag...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
Massive IT outage hits airlines, hospitals and banks around the globe

Business Software

CrowdStrike update causes Windows to crash

clock 19 July 2024 • 2 min read
Microsoft overhauls Windows update process, announces smaller 'checkpoint' updates

Operating Systems

New system will deliver updates in smaller, incremental packages

clock 19 July 2024 • 2 min read
Cloud big three sign open letter urging datacentre kit suppliers to step up

Green

Embodied carbon emissions are the focus

clock 18 July 2024 • 4 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Threats and Risks

Cisco patches critical flaw in Secure Email Gateway appliances

Cisco patches critical flaw in Secure Email Gateway appliances

Patch devices immediately

clock 19 July 2024 • 3 min read
Malicious Python packages found exfiltrating user data to Telegram bot

Malicious Python packages found exfiltrating user data to Telegram bot

Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers

John Leonard
clock 15 July 2024 • 2 min read
New threat group CRYSTALRAY seen using variety of off-the-shelf tools to steal credentials

New threat group CRYSTALRAY seen using variety of off-the-shelf tools to steal credentials

Sysdig researchers have been following the group since February

John Leonard
clock 11 July 2024 • 2 min read