CVE-2022-23279 Windows ALPC Elevation of Privilege Vulnerability.

This issue arises because the Windows application protocol, which is the default protocol used by Windows applications, does not validate the length of the data sent by an application and can suffer a buffer overflow if the application sends a long string. An attacker can exploit this vulnerability by sending an email with malicious content to a user. If the user clicks on the malicious link, the application could suffer a buffer overflow, resulting in execution of malicious code in the context of the application. Microsoft has patched this vulnerability in the March 2018 updates. However, for those who did not apply the patches, there is a temporary workaround. The user should change the Windows application protocol to Transmission or Raw transport protocol in the Windows settings.

Microsoft Office Memory Corruption Vulnerability

A vulnerability was discovered in Microsoft Office that could allow attackers to execute code on affected systems when a user opens a specially crafted document. The vulnerability exists because the Windows application protocol, which is the default protocol used by Windows applications, does not validate the length of the data sent by an application and can suffer a buffer overflow if the application sends a long string. An attacker can exploit this vulnerability by sending an email with malicious content to a user. If the user clicks on the malicious link, the application could suffer a buffer overflow, resulting in execution of malicious code in the context of the application. Microsoft has patched this vulnerability in the March 2018 updates.
While waiting for patches, users have been told that they should change their default protocol from Windows Application Protocol to Transmission or Raw Transports in order to mitigate any potential attacks.

Microsoft April 2018 Update

Microsoft released a patch for this vulnerability in the April 2018 updates. The update should be applied to all users who have not applied the patch yet. The temporary workaround should not be used if the user has already applied the update.
The temporary workaround is a Windows setting that allows users to change the Windows application protocol to Transmission or Raw transport protocol. This will help mitigate this vulnerability until Microsoft releases another update.

Microsoft Office Security

Microsoft has released a new patch for its Office software in March 2018 that fixes the vulnerability CVE-2022-23279. This issue is caused by the Windows application protocol, which does not validate the length of data sent by an application and can suffer a buffer overflow if an application sends a long string. An attacker can exploit this vulnerability by sending an email with malicious content to a user, who then clicks on the malicious link. If the user is using an affected version of Microsoft Office, the application could suffer a buffer overflow, resulting in execution of malicious code in the context of the application. There is a temporary workaround available that prevents this vulnerability from being exploited. The user should change the Windows application protocol to Transmission or Raw transport protocol in their Windows settings.

Windows 7, 8.1 and 10

The vulnerability CVE-2022-23279 arises because Windows applications do not validate the length of the data sent by an application and can suffer a buffer overflow if the application sends a long string. An attacker can exploit this vulnerability by sending an email with malicious content to a user. If the user clicks on the malicious link, the application could suffer a buffer overflow, resulting in execution of malicious code in the context of the application.
Microsoft has patched this vulnerability in the March 2018 updates. However, for those who did not apply these patches, there is a temporary workaround. The user should change their Windows application protocol to Transmission or Raw transport protocol in their Windows settings.

Windows Transmission Protocol

The Windows Transmission Protocol (WSP) is a specific transport protocol that can be used during the initial connection when connecting to an SMTP server. If you have an email account on the same computer as your Windows application and you have not changed the Windows settings, then you will be using WSP by default. In order to fix this issue, change the transport protocol in the settings of your email account to TCP or TLS.
