CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability.

CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability.

This vulnerability is apparently related to the fact that Windows 8 and 10 have switched to a new system of security verification – Microsoft verified code (MMC) where code (signed) by Microsoft can be trusted. The Windows kernel runs code signed by Microsoft as part of security checks. This potentially gives an attacker code signing authority on the system. This is a big deal as it can be used to run code that has been compromised to elevate privileges. Unfortunately, it is not yet clear how many systems are vulnerable. Microsoft has issued a patch for this issue. It will be interesting to see how quickly systems with the vulnerable firmware upgrade and how many other systems may be vulnerable to this issue. It is possible that this issue could be used by attackers to install malicious code on end-user systems.

Microsoft Windows Kernel Vulnerability

A vulnerability has been discovered in the Windows kernel. This vulnerability is apparently related to the fact that Windows 8 and 10 have switched to a new system of security verification – Microsoft verified code (MMC) where code (signed) by Microsoft can be trusted. The Windows kernel runs code signed by Microsoft as part of security checks. This potentially gives an attacker code signing authority on the system. This is a big deal as it can be used to run code that has been compromised to elevate privileges. Unfortunately, it is not yet clear how many systems are vulnerable. Microsoft has issued a patch for this issue. It will be interesting to see how quickly systems with the vulnerable firmware upgrade and how many other systems may be vulnerable to this issue. It is possible that this issue could be used by attackers to install malicious code on end-user systems.

Microsoft has issued a patch for this issue

Microsoft has released a patch for this issue, so as long as you have applied the patch already, there is no need to worry. For more information, visit https://technet.microsoft.com/en-us/library/security/ms-vulnerabilities.aspx

The importance of digital marketing is its ability to target audiences in an effective way while also reaching your target audience using the most efficient methods available today. With this in mind, if you are looking to grow your business, digital marketing should be on the top of your list of priorities.

Microsoft - Verified Code

Microsoft is the company responsible for implementing technology in Microsoft products. They have a different type of security mechanism called verified code (MMC) which allows them to sign software that is trusted by the system. The vulnerability allows attackers to exploit this feature and install malicious code on systems running Windows 8 or 10. This issue was discovered by Google Project Zero researcher Ian Haken and has been patched by Microsoft.

Microsoft credible-sounding threat warning

As soon as Microsoft issued a credible-sounding threat warning about the vulnerability, many users and organizations rushed to install the patch. It is interesting to note that these kinds of warnings seem to have a significant impact on end-users. While Microsoft has not yet released full technical information, the patch was released quickly and with little fanfare.
It will be interesting to see how this issue develops over time.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe