Microsoft Windows Cluster Shared Volume (CSV) privilege escalation | CVE-2022-26932
NAME
Microsoft Windows Cluster Shared Volume (CSV) privilege escalation
- Platforms Affected:
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server (Server Core installation) 2019
Microsoft Windows Server (Server Core installation) 20H2
Microsoft Windows Server (Server Core installation) 2016
Microsoft Windows Server 2022
Microsoft Windows Server (Server Core installation) 2022 - Risk Level:
8.2 - Exploitability:
Unproven - Consequences:
Gain Privileges
DESCRIPTION
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cluster Shared Volume (CSV). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches. See references.
- Reference Link:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-26932 - Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26932
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
