CVE-2024-12552 is a local privilege escalation vulnerability identified in Wacom Center version 6.4.7.5003, specifically within the WTabletServicePro.exe service. The vulnerability is classified under CWE-59, which involves improper link resolution before file access, commonly known as 'link following.' This flaw allows an attacker who already has the ability to execute low-privileged code on the target system to create symbolic links that the WTabletServicePro service follows improperly. By exploiting this, the attacker can cause the service to create or overwrite arbitrary files, effectively escalating their privileges to SYSTEM level. This escalation enables the execution of arbitrary code with the highest system privileges, compromising confidentiality, integrity, and availability of the system. The vulnerability requires local access and does not need user interaction, but it demands that the attacker first obtain low-level code execution, which could be achieved through other vulnerabilities or social engineering. The CVSS 3.0 base score is 7.0, reflecting high severity due to the impact on confidentiality, integrity, and availability, combined with the complexity of exploitation and required privileges. No public exploits have been reported yet, but the vulnerability was disclosed by the Zero Day Initiative (ZDI) as ZDI-CAN-25359. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts by affected organizations.

The primary impact of CVE-2024-12552 is local privilege escalation, allowing attackers with limited access to gain SYSTEM-level privileges on affected Windows systems running Wacom Center 6.4.7.5003. This elevation of privilege can lead to complete system compromise, including the ability to install persistent malware, disable security controls, access sensitive data, and disrupt system availability. Organizations relying on Wacom Center, especially in environments where multiple users share workstations or where attackers may gain initial footholds through phishing or other means, face increased risk of lateral movement and deeper network infiltration. The vulnerability undermines the security boundary between low-privileged users and system-level processes, making it a critical concern for enterprise environments, particularly those with high-value targets or sensitive intellectual property. Although no known exploits are currently in the wild, the vulnerability’s nature and severity make it a likely candidate for future exploitation by threat actors.

1. Apply patches or updates from Wacom as soon as they become available to address CVE-2024-12552. 2. Until patches are released, restrict local user permissions to the minimum necessary, preventing untrusted users from executing code or creating symbolic links in directories accessed by WTabletServicePro.exe. 3. Monitor and audit file system changes and symbolic link creations in directories used by Wacom Center services to detect suspicious activity. 4. Employ application whitelisting and endpoint protection solutions to prevent unauthorized execution of low-privileged code that could be leveraged to exploit this vulnerability. 5. Use Windows security features such as Controlled Folder Access and User Account Control (UAC) to limit the impact of potential exploitation. 6. Isolate systems running Wacom Center from untrusted networks and users to reduce the risk of initial low-privileged code execution. 7. Conduct regular security awareness training to reduce the risk of initial compromise vectors that could lead to exploitation of this vulnerability.