Lucene search
JeongOh Kyea of THEORIZDI-23-913HistoryJul 12, 2023 - 12:00 a.m.
Microsoft Windows Installer Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
2023-07-1200:00:00
JeongOh Kyea of THEORI
www.zerodayinitiative.com
21
microsoft windows
installer service
local attackers
privilege escalation
vulnerability
low-privileged code
junction
arbitrary file
system
EPSS
0
Percentile
14.2%
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. By creating a junction, an attacker can abuse the service to change permissions on an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
cvelist
cvelist
CVE-2023-32050 Windows Installer Elevation of Privilege Vulnerability
2023-07-11 17:02:33
mscve
mscve
Windows Installer Elevation of Privilege Vulnerability
2023-07-11 07:00:00
cve
cve
CVE-2023-32050
2023-07-11 18:15:13
prion
prion
Privilege escalation
2023-07-11 18:15:00
vulnrichment
vulnrichment
CVE-2023-32050 Windows Installer Elevation of Privilege Vulnerability
2023-07-11 17:02:33
nvd
nvd
CVE-2023-32050
2023-07-11 18:15:13
nessus
nessus
KB5028226: Windows Server 2008 Security Update (July 2023)
2023-07-11 00:00:00
KB5028224: Windows Server 2008 R2 Security Update (July 2023)
2023-07-11 00:00:00
mskb
mskb
July 11, 2023âKB5028226 (Security-only update)
2023-07-11 07:00:00
July 11, 2023âKB5028222 (Monthly Rollup)
2023-07-11 07:00:00
July 11, 2023âKB5028240 (Monthly Rollup)
2023-07-11 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5028240)
2023-07-12 00:00:00
kaspersky
kaspersky
KLA50775 Multiple vulnerabilities in Microsoft Products (ESU)
2023-07-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2023
2023-07-11 21:50:34