Addressing CVE-2024-43590 Elevation of Privilege in Visual C++ Redistributable Installer
search cancel

Addressing CVE-2024-43590 Elevation of Privilege in Visual C++ Redistributable Installer

book

Article ID: 384527

calendar_today

Updated On: 04-21-2025

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

The uim robot and many probes have a dependency on Microsoft Visual C++ Redistributable Installer.  The most recent UIM provided version 1.02 which is 2017 Microsoft Visual C++ Redistributable Installer ver 14.16.27033.0

Everything below 14.42 is classified as a high vulnerability per:

https://www.cve.org/CVERecord?id=CVE-2024-43590

Environment

Version: 23.4+
Component: vs2017_vcredist_x86, vs2017_vcredist_x64

Resolution

As of April 2025, this is currently in review to be resolved in a coming CU pack for UIM 23.4.