📄 Description (English)
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.
🤖 AI Executive Summary
CVE-2026-24290 is a privilege escalation vulnerability in Windows Projected File System affecting Windows 10 and 11 versions. An authorized local attacker can exploit improper access controls to elevate privileges to SYSTEM level. With a CVSS score of 7.8 and no public exploit currently available, this poses a significant risk to Saudi organizations relying on Windows infrastructure, particularly in government and banking sectors where privilege escalation could lead to unauthorized access to sensitive systems.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 29, 2026 04:57
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), and critical infrastructure operators. Windows 10/11 systems are prevalent in Saudi organizations for both user workstations and server infrastructure. Privilege escalation could enable lateral movement within networks, compromise of sensitive financial data, unauthorized access to classified government information, and disruption of critical services. Healthcare organizations and energy sector (ARAMCO, utilities) using Windows infrastructure are also at risk. The vulnerability requires local access, limiting exposure but affecting insider threat scenarios and compromised endpoint scenarios.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Telecommunications
Education
Manufacturing
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Prioritize patching Windows 10 versions (1809, 21H2, 22H2) and Windows 11 23H2 across all systems
2. Inventory all Windows systems in your environment and categorize by criticality
3. Implement application whitelisting to restrict execution of suspicious processes attempting privilege escalation
PATCHING GUIDANCE:
1. Deploy Microsoft security updates immediately upon availability through WSUS or Windows Update
2. Test patches in non-production environments first, particularly for critical systems
3. Prioritize patching for systems with high-value data or administrative access
4. Establish a 30-day patching SLA for this vulnerability across all Windows systems
COMPENSATING CONTROLS (if patching delayed):
1. Restrict local administrative access and enforce principle of least privilege
2. Implement User Account Control (UAC) at highest level and monitor UAC bypass attempts
3. Monitor and audit file system access to Projected File System components
4. Disable unnecessary services and features related to Projected File System if not required
5. Implement endpoint detection and response (EDR) solutions to detect privilege escalation attempts
DETECTION RULES:
1. Monitor for unexpected elevation of user privileges to SYSTEM level
2. Alert on suspicious access to Windows\System32\drivers\projfs.sys
3. Track failed and successful privilege escalation attempts in Event Viewer (Event ID 4672, 4673)
4. Monitor for unusual process creation with elevated privileges from standard user accounts
5. Implement SIEM rules to detect multiple failed privilege escalation attempts indicating attack patterns
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. أولويات تصحيح إصدارات Windows 10 (1809، 21H2، 22H2) و Windows 11 23H2 عبر جميع الأنظمة
2. إنشاء جرد لجميع أنظمة Windows وتصنيفها حسب الأهمية
3. تطبيق قائمة التطبيقات المسموحة لتقييد تنفيذ العمليات المريبة التي تحاول رفع الامتيازات
إرشادات التصحيح:
1. نشر تحديثات أمان Microsoft فوراً عند توفرها عبر WSUS أو Windows Update
2. اختبار التصحيحات في بيئات غير الإنتاج أولاً، خاصة للأنظمة الحرجة
3. إعطاء الأولوية لتصحيح الأنظمة التي تحتوي على بيانات عالية القيمة أو وصول إداري
4. إنشاء اتفاقية مستوى خدمة لمدة 30 يوماً لتصحيح هذه الثغرة عبر جميع أنظمة Windows
الضوابط البديلة (إذا تأخر التصحيح):
1. تقييد الوصول الإداري المحلي وفرض مبدأ أقل امتياز
2. تطبيق User Account Control (UAC) على أعلى مستوى ومراقبة محاولات تجاوز UAC
3. مراقبة ومراجعة الوصول إلى نظام ملفات Projected File System
4. تعطيل الخدمات والميزات غير الضرورية المتعلقة بـ Projected File System إن لم تكن مطلوبة
5. تطبيق حلول كشف الأطراف النهائية والاستجابة (EDR) للكشف عن محاولات رفع الامتيازات
قواعد الكشف:
1. مراقبة رفع امتيازات المستخدم غير المتوقع إلى مستوى SYSTEM
2. تنبيهات الوصول المريب إلى Windows\System32\drivers\projfs.sys
3. تتبع محاولات رفع الامتيازات الفاشلة والناجحة في Event Viewer (Event ID 4672، 4673)
4. مراقبة إنشاء العمليات غير العادية بامتيازات مرتفعة من حسابات المستخدمين العاديين
5. تطبيق قواعد SIEM للكشف عن محاولات رفع امتيازات متعددة الفشل تشير إلى أنماط الهجوم
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policy
ECC 2024 A.5.2.1 - User Registration and De-registration
ECC 2024 A.5.3.1 - User Access Rights
ECC 2024 A.5.3.2 - Privilege Management
ECC 2024 A.8.2.1 - User Endpoint Devices
🔵 SAMA CSF
SAMA CSF ID.AC-1 - Access Control Policy and Procedures
SAMA CSF PR.AC-1 - Identities and Credentials
SAMA CSF PR.AC-3 - Access Enforcement
SAMA CSF PR.AC-4 - Access Rights Management
SAMA CSF DE.CM-1 - System Monitoring
🟡 ISO 27001:2022
ISO 27001:2022 A.5.2 - User Access Management
ISO 27001:2022 A.5.3 - Access Control
ISO 27001:2022 A.8.1 - User Endpoint Devices
ISO 27001:2022 A.8.2 - Privileged Access Rights
ISO 27001:2022 A.8.3 - Information Access Restriction
🟣 PCI DSS v4.0.1
PCI DSS 2.1 - Restrict access to system components
PCI DSS 7.1 - Limit access to system components
PCI DSS 8.1 - Assign unique ID to each person
PCI DSS 8.2 - Restrict access through passwords
📦 Affected Products / CPE 20 entries
microsoft:windows_10_1809
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_21h2
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_10_22h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_11_25h2
microsoft:windows_11_26h1
microsoft:windows_11_26h1
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025