{"id":37397,"date":"2025-03-18T08:39:19","date_gmt":"2025-03-18T07:39:19","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=37397"},"modified":"2025-03-18T08:39:19","modified_gmt":"2025-03-18T07:39:19","slug":"microsoft-update-catalog-security-risk-due-to-privilege-escalations-cve-2024-49147","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2025\/03\/18\/microsoft-update-catalog-security-risk-due-to-privilege-escalations-cve-2024-49147\/","title":{"rendered":"Microsoft Update Catalog: Security risk due to privilege escalations (CVE-2024-49147)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Security (Pexels, general use)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2025\/03\/15\/microsoft-update-catalog-sicherheitsrisiko-durch-rechteerweiterungen-cve-2024-49147\/\" target=\"_blank\" rel=\"noopener\">English<\/a>] I'm posting another security alert here on the blog that I've had since mid-December 2024 but that got \"stuck\". There was a critical vulnerability, CVE-2024-49147, in the Microsoft Update Catalog that allowed privilege escalation. This vulnerability was closed by Microsoft.<\/p>\n<p><!--more--><\/p>\n<p>German blog reader Jan V. pointed this out to me and wrote in mid-December 2024: \"During the update check for the current Edge v131.0.2903.99 I accidentally 'stumbled' across the <a href=\"https:\/\/windowsforum.com\/threads\/critical-cve-2024-49147-vulnerability-in-microsoft-update-catalog-what-windows-users-need-to-know.347890\/#google_vignette\" target=\"_blank\" rel=\"noopener\">message about CVE-2024-49147<\/a> from Dec.
12, 2024 addressing a vulnerability in Microsoft Update Catalog.\"<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-49147\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" title=\"Microsoft Update Catalog (CVE-2024-49147)\" src=\"https:\/\/i.postimg.cc\/dtVPXy9f\/image.png\" alt=\"Microsoft Update Catalog (CVE-2024-49147)\" width=\"640\" height=\"528\" \/><\/a><\/p>\n<p>The screenshot above shows Microsoft's <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-49147\" target=\"_blank\" rel=\"noopener\">entry for CVE-2024-49147<\/a>, which rates the Elevation of Privilege vulnerability as critical, with a CVSS 3.1 score of 9.3. Microsoft states that the deserialization of untrusted data in the Microsoft Update Catalog allows an unauthorized attacker to elevate their privileges on the website's web server.<\/p>\n<p>Microsoft had already fully mitigated or closed this vulnerability at the time of disclosure. However, the disclosure shows what kind of problems are lurking under the hood.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[English] I'm posting another security alert here on the blog that I've had since mid-December 2024 but that got \"stuck\". There was a critical vulnerability, CVE-2024-49147, in the Microsoft Update Catalog that allowed privilege escalation.
This vulnerability &hellip; <a href=\"https:\/\/borncity.com\/win\/2025\/03\/18\/microsoft-update-catalog-security-risk-due-to-privilege-escalations-cve-2024-49147\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22,2],"tags":[65,69,195],"class_list":["post-37397","post","type-post","status-publish","format-standard","hentry","category-security","category-update","category-windows","tag-microsoft","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=37397"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37397\/revisions"}],"predecessor-version":[{"id":37398,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37397\/revisions\/37398"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=37397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=37397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=37397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}