CVE-2024-42050: n/a
The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg.
AI Analysis
Technical Summary
CVE-2024-42050 is a vulnerability identified in the MSI installer of Splashtop Streamer for Windows versions before 3.7.0.0. During installation, the MSI installer creates and uses a temporary folder with weak permissions, which can be accessed or manipulated by local users. Specifically, the vulnerability involves an opportunistic lock (oplock) on the file CredProvider_Inst.reg within this temporary folder. An oplock allows a local attacker to interfere with the file operations during installation, enabling them to escalate their privileges to SYSTEM level. This is a classic case of improper access control (CWE-269) where the installer does not securely restrict access to temporary installation files, allowing unauthorized modification or interference. The attack vector requires local access with low privileges but does not require user interaction, making it a potent threat in environments where multiple users have local accounts. The vulnerability has a CVSS v3.1 score of 7.0, reflecting high impact on confidentiality, integrity, and availability, with high attack complexity, a local attack vector, and no user interaction required. No public exploits have been reported yet, but the nature of the vulnerability suggests it could be weaponized for privilege escalation in compromised environments.
Potential Impact
If exploited, this vulnerability allows a local attacker to escalate privileges from a standard user to SYSTEM, the highest privilege level on Windows systems. This can lead to full system compromise, including the ability to install persistent malware, disable security controls, access sensitive data, and move laterally within a network. Organizations using Splashtop Streamer for remote access or support could see attackers leverage this flaw to gain control over critical systems, undermining confidentiality, integrity, and availability. The impact is particularly severe in multi-user environments, shared workstations, or managed service provider setups where local user accounts exist but should not have administrative control. The lack of required user interaction increases the risk of automated or stealthy exploitation once local access is obtained. Although no exploits are currently known in the wild, the vulnerability’s characteristics make it a significant risk for targeted attacks or insider threats.
Mitigation Recommendations
1. Upgrade Splashtop Streamer to version 3.7.0.0 or later where this vulnerability is fixed.
2. If immediate patching is not possible, restrict local user permissions to prevent access to temporary installation folders during MSI installation.
3. Use application whitelisting and endpoint protection to monitor and block suspicious file operations or privilege escalation attempts involving the installer.
4. Implement strict local account management policies, minimizing the number of users with local access and regularly auditing local accounts.
5. Employ system integrity monitoring to detect unauthorized changes to system files and registry keys, including CredProvider_Inst.reg.
6. Consider deploying Windows Defender Exploit Guard or similar tools to block exploitation techniques involving oplocks or file manipulation during installation.
7. Monitor logs for unusual installer activity or privilege escalation attempts, especially on systems running Splashtop Streamer.
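A way to check a host against recommendations 1 and 2 above, as an added PowerShell example that is not part of the original advisory or Splashtop's own tooling. The `DisplayName` filter and the function names are assumptions, and the folder passed to `Get-NonAdminWriteAce` is chosen by the analyst because the advisory does not name it.

```powershell
# Added example, not Splashtop or vendor code.
# Assumption: the product's uninstall entry has a DisplayName containing
# "Splashtop Streamer"; adjust the filter to match your inventory.
$FixedVersion = [version]'3.7.0.0'   # first fixed release per the advisory

function Get-StreamerPatchStatus {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Splashtop Streamer*' } |
        ForEach-Object {
            $parsed = $null
            # DisplayVersion may be absent or non-numeric: report it as Unknown
            if (-not [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)) {
                $status = 'Unknown'
            } elseif ($parsed -lt $FixedVersion) {
                $status = 'Vulnerable'
            } else {
                $status = 'Fixed'
            }
            [pscustomobject]@{ Name = $_.DisplayName; Version = $_.DisplayVersion; Status = $status }
        }
}

function Get-NonAdminWriteAce {
    # $Path is supplied by the analyst (for example a staging folder observed
    # during a test install); the advisory does not name the folder.
    param([Parameter(Mandatory)][string]$Path)
    $trusted = 'S-1-5-18',        # SYSTEM
               'S-1-5-32-544',    # BUILTIN\Administrators
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
    $write = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Return every Allow ACE that lets a non-administrative principal alter the folder
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -notin $trusted -and
            ($_.FileSystemRights -band $write) -ne 0
        } |
        Select-Object @{ n = 'Sid'; e = { $_.IdentityReference.Value } }, FileSystemRights, IsInherited
}

Get-StreamerPatchStatus | Format-Table -AutoSize
```

Any row returned by `Get-NonAdminWriteAce` for a folder the installer stages files in means a standard user can alter its contents, which is the weak-permission condition the advisory describes.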
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-07-28T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6cc0b7ef31ef0b568c67
Added to database: 2/25/2026, 9:42:24 PM
Last enriched: 2/28/2026, 5:54:41 AM
Last updated: 4/12/2026, 7:56:15 AM