CVE-2024-54131 – Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)

https://notcve.org/view.php?id=CVE-2024-54131

03 Dec 2024 — The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory. This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as the previous location. These inc... • https://github.com/kolide/launcher/pull/1510 • CWE-276: Incorrect Default Permissions CWE-456: Missing Initialization of a Variable •