In some circumstances, there is a possible local escalation of privilege with no additional privileges needed. This could occur when a local application is running with elevated privileges due to a denial of service attack. Patch management is strongly advised to avoid such situations. An attacker could exploit the vulnerability by running a malicious application with elevated privileges. User interaction is needed for exploitation. In a enterprise scenario, remote exploitation could be done through malicious Remote Desktop Viewers or via remote access. Patch management is advised to avoid such situations. In a remote scenario, patch management is advised to avoid such situations. An attacker could exploit the vulnerability by running a malicious application with elevated privileges. User interaction is needed for exploitation. In a remote scenario, remote exploitation could be done through malicious Remote Desktop Viewers or via remote access. Patch management is advised to avoid such situations.

Vulnerability Scenario

A local application with elevated privileges due to a denial of service attack is vulnerable to privilege escalation. Patch management is advised to avoid such situations. An attacker could exploit the vulnerability by running a malicious application with elevated privileges. User interaction is needed for exploitation. In a enterprise scenario, remote exploitation could be done through malicious Remote Desktop Viewers or via remote access. Patch management is advised to avoid such situations. In a remote scenario, patch management is advised to avoid such situations. An attacker could exploit the vulnerability by running a malicious application with elevated privileges. User interaction is needed for exploitation. In a remote scenario, remote exploitation could be done through malicious Remote Desktop Viewers or via remote access. Patch management is advised to avoid such situations.

Vulnerability Discovery and Description

CVE-2022-26471 is an issue that affects the following Microsoft products: Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10. This vulnerability can be exploited by malicious applications to elevate their privileges on a system without any additional privileges needed.

This vulnerability is caused by the way File Transfer Protocol (FTP) handles certain files in memory. The FTP service has some permissions that are higher than those of regular users of the system . As a result, it is possible for a local application to elevate its privileges without any additional privilege needed when processing FTP requests in memory. An attacker could exploit this vulnerability through running malicious applications with elevated privileges on systems where the vulnerable FTP service is installed.

Vulnerability overview

This vulnerability is a local privilege escalation on Windows 7, 8.1 and 10 for x64 systems.
An attacker could exploit the vulnerability by running a malicious application with elevated privileges. User interaction is needed for exploitation. In a enterprise scenario, remote exploitation could be done through malicious Remote Desktop Viewers or via remote access. Patch management is advised to avoid such situations. In a remote scenario, patch management is advised to avoid such situations. An attacker could exploit the vulnerability by running a malicious application with elevated privileges. User interaction is needed for exploitation. In a remote scenario, remote exploitation could be done through malicious Remote Desktop Viewers or via remote access. Patch management is advised to avoid such situations.

Vulnerability Scenario

An attacker may be able to exploit CVE-2022-26471 through malicious Remote Desktop Viewers or via remote access.
Patch management is advised to avoid such situations.

Timeline

Published on: 10/07/2022 20:15:00 UTC
Last modified on: 10/11/2022 16:14:00 UTC

References