CVE-2026-24466

6.7 MEDIUM

📋 TL;DR

This vulnerability allows local attackers to escalate privileges to SYSTEM on Windows systems by exploiting unquoted service paths in Oki Electric Industry products and their OEM versions (Ricoh, Murata Machinery). Attackers need write permissions to the system drive root directory. Affects organizations using these specific printer/device management software products.

💻 Affected Systems

Products:
  • Oki Electric Industry printer/device management software
  • Ricoh OEM versions
  • Murata Machinery OEM versions
Versions: All versions prior to vendor patches
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Windows services installed by these products with unquoted file paths. Requires write permission to system drive root directory (typically C:\) which is not default for standard users.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full SYSTEM privilege compromise allowing complete control of the Windows system, installation of persistent malware, credential theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation by authenticated users or malware to gain SYSTEM privileges for persistence, credential dumping, or disabling security controls.

🟢 If Mitigated

Limited impact if proper access controls prevent unauthorized users from writing to system drive root directory and services run with minimal privileges.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over the network.
🏢 Internal Only: HIGH - Internal users with write permissions to system drive root can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and write permissions to system drive root. Standard unquoted service path exploitation techniques apply.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisories for specific version updates

Vendor Advisory: https://www.oki.com/jp/product_security/sa_2026_0001_en.html

Restart Required: Yes

Instructions:

  1. Check vendor advisories for your specific product.
  2. Download and apply vendor-provided patches.
  3. Restart affected systems to ensure service updates take effect.

🔧 Temporary Workarounds

Add quotes to service paths

windows

Manually edit vulnerable service paths to include quotes around executable paths

sc config "ServiceName" binPath= "\"C:\Path\To\Executable.exe\""
sc stop "ServiceName"
sc start "ServiceName"

Restrict write permissions to system drive root

windows

Remove write permissions for non-administrative users to the system drive root directory

icacls C:\ /deny "Users:(OI)(CI)W"
icacls C:\ /deny "Authenticated Users:(OI)(CI)W"

🧯 If You Can't Patch

  • Implement strict access controls to prevent non-administrative users from writing to system drive root directory
  • Monitor for unauthorized service modifications and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check services installed by affected products using: sc qc "ServiceName" and look for unquoted paths containing spaces. Also verify write permissions to C:\ with: icacls C:\

Check Version:

Check product documentation or vendor-specific version commands

Verify Fix Applied:

Verify service paths are quoted: sc qc "ServiceName" should show quoted executable path. Check that patches are applied via vendor version checks.
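
The two checks above (unquoted service paths and write access to the system drive root), run across every installed service instead of one name at a time. This is an added example, not vendor or site code; `Test-UnquotedServicePath` and `$vendorPattern` are hypothetical names, and the vendor pattern is an assumption that mirrors the name filter in this page's SIEM query.

```powershell
# Added example. Assumption: vendor names appear in the service name or display name.
# 'Oki' also matches as a substring of other names; it only affects sort order here.
$vendorPattern = 'Oki|Ricoh|Murata'

function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$PathName)
    $p = $PathName.Trim()
    # Empty, or already starts with a quote: nothing to flag.
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }
    # Separate the executable from its arguments: shortest prefix ending in ".exe".
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    # No ".exe" found: fall back to the whole string (may over-report).
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $p }
    return $exe.Contains(' ')
}

# 1. Services whose image path is unquoted and contains a space.
$findings = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Select-Object Name, StartName, PathName,
        @{ Name = 'VendorMatch'
           Expression = { "$($_.Name) $($_.DisplayName)" -match $vendorPattern } }

$findings | Sort-Object VendorMatch -Descending | Format-List

# 2. Allow entries on the system drive root that include the right to create files.
# ACEs stored as generic rights show up as raw numbers and are not decoded here,
# so compare the result with the full "icacls C:\" output.
$createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
(Get-Acl -Path "$env:SystemDrive\").Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   ($_.FileSystemRights -band $createFiles) } |
    Select-Object IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags |
    Format-Table -AutoSize
```

Services listed with VendorMatch = True are the ones to compare against the vendor advisory. After the patch or the quoting workaround is applied, they should no longer appear in the first listing.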

📡 Detection & Monitoring

Log Indicators:

  • Windows Event ID 7045: Service installation/modification
  • Unexpected service creation or path modification
  • Privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from affected systems post-exploitation

SIEM Query:

EventID=7045 AND (ServiceName contains "Oki" OR ServiceName contains "Ricoh" OR ServiceName contains "Murata")
