A threat actor has allegedly surfaced with a lucrative offer: the sale of a Windows 1-day Local Privilege Escalation (LPE) exploit, identified as CVE-2024-26169. This vulnerability, categorized as a Windows Error Reporting Service Elevation of Privilege Vulnerability, presents a significant risk, as it allows attackers to gain SYSTEM privileges.
Notably, the exploit is compatible across a wide range of Windows operating systems, spanning from Windows 10 to Windows 11, including Windows Servers. While there’s no public Proof of Concept (PoC), the exploit’s presence on the Microsoft Security Response Center (MSRC) indicates its potential impact. The sale package includes the full-source code of the PoC, with an initial asking price of $10,000, although negotiation is possible.