Executive Risk Summary
"A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM. This vulnerability can be exploited through the use of the repair functionality offered by the .msi file used to install GlobalProtect."
Operational Audit Arsenal
Target Type Executable
Target Asset GlobalProtect.msi
Standard Path %windir%\Installer
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: GlobalProtect.msi (Executable)
$Targets = 'GlobalProtect.msi'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}Patch Impact Forecast
Reboot Required Likely
Network connectivity may be affected
Internal Work Notes
Apply patch for CVE-2024-9473 to prevent privilege escalation vulnerability in GlobalProtect
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Related Palo Alto Networks Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.