Windows 10 PLUGScheduler Vulnerability Allows Privilege Escalation

A severe vulnerability within the Windows 10 working map, tracked as CVE-2024-26238, would perhaps allow attackers to attain elevated privileges on affected techniques. The flaw resides within the PLUGScheduler ingredient of Windows 10 variations 21H2 and 22H2.

PLUGScheduler is a scheduled job that is segment of the Reusable UX Integration Supervisor (RUXIM), a ingredient frail by Windows Replace. The job runs with SYSTEM privileges and is situated within the MicrosoftWindowsWindowsUpdateRUXIM directory.

In line with a safety advisory printed by Synacktiv, the PLUGScheduler.exe binary performs file operations such as deletion and renaming with SYSTEM privileges in a directory where favorite customers enjoy partial control.

Attackers can exploit this flaw to total arbitrary file write access with SYSTEM privileges.

The vulnerability become reported to Microsoft on January 22, 2024, and become confirmed by the Microsoft Security Response Center (MSRC) on February 1, 2024.

Microsoft assigned the flaw the CVE identifier CVE-2024-26238 and launched a patch within the Would possibly perhaps well per chance 2024 Patch Tuesday change, namely within the KB5037768 cumulative change.

Synacktiv has equipped a timeline of occasions connected to the invention and patching of the vulnerability:

• 2024.01.22: Advisory despatched to MSRC
• 2024.02.01: Vulnerability confirmed by MSRC
• 2024.05.14: Vulnerability assigned CVE-2024-26238 and patched in KB5037768
• 2024.05.24: Public originate of the advisory.

Microsoft has assigned the vulnerability a severity rating of “High.” Successful exploitation of this flaw would perhaps allow attackers to elevate their privileges on the affected map, potentially ensuing in total map compromise.

Windows 10 customers and directors are strongly told to apply the KB5037768 cumulative change as soon as imaginable to mitigate the threat posed by this vulnerability.

It’s extremely essential to put techniques up to this level with primarily the most in fashion safety patches to prevent attackers from exploiting known vulnerabilities.

This vulnerability is indubitably among the 61 flaws fixed by Microsoft within the Would possibly perhaps well per chance 2024 Patch Tuesday change, which moreover addressed three zero-day vulnerabilities.

System directors need to level-headed review the patch originate and prioritize deploying severe safety updates to manufacture sure the protection and integrity of their Windows environments.