
Grafana Alloy and Grafana Agent Flow security release: High severity fix for CVE-2024-8975 and CVE-2024-8996

Blog post from Grafana Labs

Post Details
Author: Matt Durham
Word Count: 730
Language: English
Summary

Grafana Labs has released updates for Grafana Alloy and Grafana Agent to address high-severity security vulnerabilities, specifically CVE-2024-8975 and CVE-2024-8996, which could allow local users on Windows installations to escalate privileges. The issues stem from the installers not enclosing service executable paths in quotes, enabling a local user to execute unauthorized programs with elevated privileges. Grafana Alloy v1.4.1 and v1.3.4 and Grafana Agent v0.43.3 have been released with patches. Users are advised to perform clean installations rather than simple updates to fully address these vulnerabilities. The vulnerabilities were reported by a customer and subsequently fixed, and the post includes a timeline of the resolution. Grafana Labs encourages users to report any additional security issues directly to them.
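To confirm after a clean installation that a service's registered executable path is quoted, the check below flags service command lines whose executable path contains a space but is not enclosed in double quotes. It is an added example, not code from Grafana Labs or the original post; the function name `Test-UnquotedServicePath` and the sample service names and paths are constructed placeholders.

```powershell
# Added example: flags Windows service command lines whose executable path
# contains a space but is not wrapped in double quotes.
function Test-UnquotedServicePath {
    param([string]$PathName)   # a $null PathName is coerced to an empty string

    $p = $PathName.Trim()
    # Empty values and paths that already start with a quote are not findings.
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }

    # Executable portion: shortest prefix ending in .exe that is followed by
    # whitespace or end of string (-match is case-insensitive by default).
    # Assumption: the service binary is an .exe; other extensions are skipped.
    if ($p -match '^(?<exe>.+?\.exe)(\s|$)') {
        # Spaces that belong only to the arguments are fine; a space inside
        # the executable path itself is the condition to report.
        return $Matches['exe'].Contains(' ')
    }
    return $false
}

# Constructed sample data (placeholder names and paths, not taken from any installer).
$samples = @(
    [pscustomobject]@{ Name = 'example-agent-unquoted'; PathName = 'C:\Program Files\Example Vendor\Agent\agent-service.exe' }
    [pscustomobject]@{ Name = 'example-agent-quoted';   PathName = '"C:\Program Files\Example Vendor\Agent\agent-service.exe"' }
    [pscustomobject]@{ Name = 'example-hosted';         PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# On a live host, replace $samples with:  Get-CimInstance -ClassName Win32_Service
$samples |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, PathName
```

Only the first sample is reported. A service that still appears in the output after an upgrade has kept its unquoted registration and needs the clean installation described above.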