Microsoft Patches Zero-Day Privilege Escalation Vulnerability in Windows
April 27, 2023
Microsoft has patched a zero-day privilege escalation vulnerability in the win32kfull driver, which is caused by a failure to validate an object’s existence before performing operations on it.
The Critical Vulnerability
- CVE-2022-24542 (CVSS 3.1: 8.8, High) – Privilege Escalation Vulnerability.
Successful exploitation of this vulnerability allows a local threat actor to gain elevated privileges and run arbitrary code in the context of SYSTEM.
A threat actor must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Affected Products
- Windows Server 2022
- Windows Server 2019
- Windows 10
- Windows Server 2016
- Windows Server 2012
- Windows Server 2008
- Windows RT 8.1
- Windows 8.1
- Windows 7
See the complete list here.
Mitigation
CYREBRO recommends updating the relevant products to the latest available version.
References: Microsoft Advisory