This vulnerability occurs when the user is prompted for a driver installation during system startup. When the user selects “install driver” instead of “update driver”, the computer does not receive the required input from the user at the time the driver is being installed. The vulnerability can be exploited by an attacker with local or remote access to the system. An attacker could trick a user into selecting “install driver” during system startup, potentially allowing the attacker to install a malicious driver on the system. Windows will then execute the malicious driver as the next highest priority operation. This could result in the installation of a malicious driver able to execute code on the system with system privileges. End users are typically not familiar with operating system drivers, especially while they are being installed, which could leave them exposed to this vulnerability. Windows operating systems have a feature that allows users to receive information, such as updated driver information, during system startup. The user can disable this feature by selecting “don’t show this message again” when prompted for a driver installation.

Vulnerability Scoring

The score for this vulnerability ranges from 8.1 to 8.3. It is rated as high severity because a local or remote attacker could exploit it to execute arbitrary code with system privileges.
This vulnerability has been assigned CVE-2022-24455 and has a CVSS v2 base score of 8.1 and a CVSS vector string of AV:L/AC:M/Au:N/C:C/I:C/A:C.

Vulnerability Description

When a user is prompted for a driver installation during system startup and selects “install driver” instead of “update driver”, Windows will not receive the required input from the user. This could allow an attacker to install a malicious driver on the system with system privileges.

Vulnerability – CVE-2022-24455

This vulnerability occurs when the user is prompted for a driver installation during system startup. When the user selects “install driver” instead of “update driver”, the computer does not receive the required input from the user at the time the driver is being installed. The vulnerability can be exploited by an attacker with local or remote access to the system. An attacker could trick a user into selecting “install driver” during system startup, potentially allowing the attacker to install a malicious driver on the system. Windows will then execute the malicious driver as the next highest priority operation. This could result in an attack that installs a malicious driver with system privileges on a user's machine, which could allow an attacker to run arbitrary code on it without restriction.

Vulnerability Scenario:

An attacker is able to access your system and install a malicious driver on the system.
The vulnerability can be exploited by attackers with local or remote access to the system.

Vulnerability Finding Tips

This vulnerability was found by searching for keywords that included “update driver” and “install driver” during system startup. The user is prompted to update the drivers installed on their system during system startup, so this vulnerability would be more likely to be exploited if the user does not have any malicious drivers on their system.
The vulnerability could also be exploited by an attacker with local or remote access to the system. An attacker could trick a user into selecting “install driver” during system startup, potentially allowing the attacker to install a malicious driver on the system. Windows will then execute the malicious driver as the next highest priority operation. This could result in the installation of a malicious driver able to execute code on the system with system privileges. End users are typically not familiar with operating system drivers, especially while they are being installed, which could leave them exposed to this vulnerability. Windows operating systems have a feature that allows users to receive information, such as updated driver information, during system startup. The user can disable this feature by selecting “don’t show this message again” when prompted for a driver installation.

Timeline

Published on: 03/09/2022 17:15:00 UTC
Last modified on: 03/14/2022 18:41:00 UTC
