Windows 10 PLUGScheduler Flaw Allows Privilege Escalation


A critical vulnerability in the Windows 10 operating system, tracked as CVE-2024-26238, could allow attackers to gain elevated privileges on affected systems. The flaw resides in the PLUGScheduler component of Windows 10 versions 21H2 and 22H2.

PLUGScheduler is a scheduled task that is part of the Reusable UX Integration Manager (RUXIM), a component used by Windows Update. The task runs with SYSTEM privileges and is located in the \Microsoft\Windows\WindowsUpdate\RUXIM directory.

According to a security advisory published by Synacktiv, the PLUGScheduler.exe binary performs file operations such as deletion and renaming with SYSTEM privileges in a directory where standard users have partial control.

Attackers can exploit this flaw to achieve arbitrary file write access with SYSTEM privileges.


The vulnerability was reported to Microsoft on January 22, 2024, and was confirmed by the Microsoft Security Response Center (MSRC) on February 1, 2024.

Microsoft assigned the flaw the CVE identifier CVE-2024-26238 and released a patch in the May 2024 Patch Tuesday update, specifically in the KB5037768 cumulative update.

Synacktiv has provided a timeline of events related to the discovery and patching of the vulnerability:

  • 2024.01.22: Advisory sent to MSRC
  • 2024.02.01: Vulnerability confirmed by MSRC
  • 2024.05.14: Vulnerability assigned CVE-2024-26238 and patched in KB5037768
  • 2024.05.24: Public release of the advisory.

Microsoft has assigned the vulnerability a severity rating of “High.” Successful exploitation of this flaw could allow attackers to elevate their privileges on the affected system, potentially leading to complete system compromise.

Windows 10 users and administrators are strongly advised to apply the KB5037768 cumulative update as soon as possible to mitigate the risk posed by this vulnerability.
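
A host triage check built only from the identifiers in this article, as an added example (not code from Synacktiv or Microsoft). The status labels are invented here, and a missing KB entry is not proof of exposure, because a later cumulative update supersedes KB5037768.

```powershell
# Added example: triage one host for CVE-2024-26238 using the facts in the article.
# Run in Windows PowerShell; no changes are made to the system.
$kb       = 'KB5037768'                                # fix named in the article
$taskPath = '\Microsoft\Windows\WindowsUpdate\RUXIM\'  # task folder named in the article
$taskName = 'PLUGScheduler'
$affected = '21H2', '22H2'                             # Windows 10 releases named in the article

$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Windows 11 also uses 21H2/22H2 as release names, so match the product caption too.
$isAffectedRelease = ($os.Caption -like '*Windows 10*') -and
                     ($affected -contains $cv.DisplayVersion)

# Is the task present, and which account does it run as?
$task = Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName -ErrorAction SilentlyContinue

# Get-HotFix raises an error when the id is not found, so suppress it.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# Status labels are assumptions of this example, not Microsoft terminology.
$status = if (-not $isAffectedRelease) {
    'NotAnAffectedRelease'
} elseif (-not $task) {
    'TaskNotPresent'
} elseif ($hotfix) {
    'FixListed'
} else {
    # The KB may no longer be listed once a newer cumulative update replaces it:
    # confirm against the installed update history before treating the host as exposed.
    'FixNotListed-VerifyUpdateLevel'
}

[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    Product     = $os.Caption
    Release     = $cv.DisplayVersion
    TaskState   = if ($task) { [string]$task.State } else { 'absent' }
    TaskRunsAs  = if ($task) { $task.Principal.UserId } else { $null }
    FixListed   = [bool]$hotfix
    InstalledOn = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    Status      = $status
}
```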

It is essential to keep systems up to date with the latest security patches to prevent attackers from exploiting known vulnerabilities.

This vulnerability is one of the 61 flaws fixed by Microsoft in the May 2024 Patch Tuesday update, which also addressed three zero-day vulnerabilities.

System administrators should review the patch release and prioritize deploying critical security updates to ensure the security and integrity of their Windows environments.
