CVE-2024-21447: 
vulnerability analysis and mitigation

Windows Authentication Elevation of Privilege Vulnerability (CVE-2024-21447) was disclosed on April 9, 2024, affecting various versions of Microsoft Windows operating systems. The vulnerability impacts multiple Windows versions including Windows 10 (21H2, 22H2), Windows 11 (21H2, 22H2, 23H2), and Windows Server 2022 (NVD).

The vulnerability is classified as an Elevation of Privilege (EoP) vulnerability in the User Manager service, potentially related to improper directory restrictions. Microsoft has assigned it a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is associated with CWE-59, which relates to Improper Link Resolution Before File Access ('Link Following') (NVD, Akamai).

The vulnerability poses significant security risks as it allows for elevation of privilege attacks. With a CVSS score of 7.8, it indicates high potential impact on the confidentiality, integrity, and availability of affected systems (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available for affected versions: Windows 10 (up to versions 10.0.19044.4291 and 10.0.19045.4291), Windows 11 (up to versions 10.0.22000.2899, 10.0.22621.3447, and 10.0.22631.3447), and Windows Server 2022 (up to version 10.0.20348.2402) (NVD).