CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability.

CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability.

This may occur if a malicious user is able to successfully log into an account where the UPLEVEL service has been configured and is running. If this happens, the user may be able to gain elevated privileges on the system. Microsoft is aware of this issue and has released a patch for Windows 7/Server 2008 R2 and Windows 8/Server 2012. Uplevel is disabled by default on newer operating systems, and you should verify that it is enabled on your system. To do this, open the Windows Control Panel, click Administrative Tools, and then click Services. Look for the User Profile Service link. If it is not enabled, then you need to do so. After enabling the service, you need to make sure that it is running on a high priority. The next step is to verify that Uplevel is running on your system. To do this, open a command prompt as an administrator and run the following command: sc query uprofile If you see Microsoft Windows is not currently configured to start the User Profile Service, then you need to follow the steps above to enable the service. After doing that, you need to make sure that it is running on a high priority, and then you need to restart your computer for the changes to take effect.

Microsoft Windows Component Information Disclosure Vulnerability

This is an information disclosure vulnerability that leads to elevation of privileges.

Microsoft Windows Updater Service

The Microsoft Windows Updater service is a background service that automatically updates the Microsoft Windows operating system.
If you have an older version of Windows and your system is not running the latest version, you can use this service to update it with the latest patches. It should be noted that if the user account where the service runs has insufficient privileges or the computer is in a locked-down environment, then this service will not be able to perform its updates.

Microsoft Security Update for CVE-2014-4113

This security update resolves a vulnerability in the Microsoft UPLEVEL service that could allow a malicious user to obtain elevated privileges on the system.

Microsoft also has a known issue with Group Policy

, which may cause the Uplevel service to stop running when it should be running. In order to fix this, check out Microsoft KB article 2909298 for instructions on how to disable Group Policy for Windows 7/Server 2008 R2 and Windows 8/Server 2012.

Uplevel is a service that manages user accounts in a domain that has been configured with UPLEVEL. It provides the ability for users to log into any domain account without having to enter the password via a graphical interface. If a malicious user is able to successfully log into an account containing Uplevel, they could gain elevated privileges on the system. The issue exists on various operating systems including Windows 7/Server 2008 R2 and Windows 8/Server 2012, and Microsoft has released patches in order to fix the issue as well as provide mitigation steps of how you can address it if needed.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe