CVE-2024-50592
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/11/2024
Last modified:
03/11/2025
Description
An attacker with local access to the medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a list of files and their hashes. In addition, instructions to execute binaries to finalize the repair process are included. The executables are executed as "NT AUTHORITY\SYSTEM" after they are copied over to the user-writable installation folder (C:\Elefant1). This means that a user can overwrite either "PostESUUpdate.exe" or "Update_OpenJava.exe" in the time frame after the copy and before the execution of the final repair step. The overwritten executable is then executed as "NT AUTHORITY\SYSTEM".
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH



