An issue was discovered in certain Windows-based computers that allows remote attackers to gain elevated privileges on the system. The vulnerability is triggered when a user browses or prints a maliciously crafted document. It is important to note that this vulnerability is only exploitable by remote attackers and cannot be exploited by users.
In order to exploit the vulnerability, an attacker needs to send a user a malicious document (for example, a document with a convincing but malicious link in it, or a document with a malicious macro in it). A remote attacker can send a user a malicious document by sending the user a link or by sending the user a malicious email message. It is important to note that Windows Fax and Scan Service is an optional component of Windows that is enabled by default in Windows Vista, 7, 8, and 10. Therefore, it is recommended that users enable the Windows Fax and Scan Service on their systems to make sure this issue doesn’t affect them.

Vulnerability overview

The vulnerability is triggered when a user browses or prints a maliciously crafted document. It is important to note that this vulnerability is only exploitable by remote attackers and cannot be exploited by users. In order to exploit the vulnerability, an attacker needs to send a user a malicious document (for example, a document with a convincing but malicious link in it, or a document with a malicious macro in it).

Steps to Take Before You Proceed

- Ensure that Windows Fax and Scan Service is enabled on your system
- If you use Microsoft Office, make sure to update to the latest version of the application
- Consider turning off Autorun on your system
* Please note that this vulnerability does not affect all users, as only remote attackers can exploit it. It is important to also note that this vulnerability cannot be exploited by users.

Vulnerability discovery and exploitation

The vulnerability is located in the Windows Fax and Scan Service. A user browsing or printing a maliciously crafted document triggers a heap overflow condition in the affected process. If a user browses or prints the maliciously crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
In order to exploit this vulnerability, an attacker needs to send a user either a link or an email message that contains a malicious document that triggers the vulnerability. The attacker could send this malicious document as an email attachment, as an embedded file in web-based email, or via instant messaging services. This issue has been assigned CVE-2022-24459.

Timeline

Published on: 03/09/2022 17:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC
