Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-011HistoryJan 18, 2023 - 12:00 a.m.
Microsoft Exchange TorusUpdateInitialSessionState Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
2023-01-1800:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
8
microsoft exchange
local privilege escalation
torusupdateinitialsessionstate
0.0004 Low
EPSS
Percentile
9.8%
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Exchange. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TorusUpdateInitialSessionState function. The function loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
mscve
mscve
Microsoft Exchange Server Elevation of Privilege Vulnerability
2023-01-10 08:00:00
cve
cve
CVE-2023-21763
2023-01-10 22:15:19
cvelist
cvelist
prion
prion
Privilege escalation
2023-01-10 22:15:00
nvd
nvd
CVE-2023-21763
2023-01-10 22:15:19
mskb
mskb
nessus
nessus
Security Updates for Microsoft Exchange Server (Jan 2023)
2023-01-11 00:00:00
kaspersky
kaspersky
KLA20155 Multiple vulnerabilities in Microsoft Server Software
2023-01-10 00:00:00
qualysblog
qualysblog
The JanuaryΒ 2023 Patch Tuesday Security Update Review
2023-01-10 21:09:08
avleonov
avleonov
thn
thn
rapid7blog
rapid7blog
Patch Tuesday - January 2023
2023-01-10 22:32:55