SB2022041225 - Multiple vulnerabilities in Microsoft Windows Win32k
Published: April 12, 2022 Updated: April 25, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2022-24542)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the UMPDDrvStartBanding, UMPDDrvFillPath, UMPDDrvFontManagement calls in win32kfull driver. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with SYSTEM privileges.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-24474)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Win32k, which leads to security restrictions bypass and privilege escalation.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24542
- https://www.zerodayinitiative.com/advisories/ZDI-22-1024/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1023/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1022/
- https://www.zerodayinitiative.com/advisories/ZDI-23-462/
- https://www.zerodayinitiative.com/advisories/ZDI-23-461/
- https://www.zerodayinitiative.com/advisories/ZDI-23-460/
- https://www.zerodayinitiative.com/advisories/ZDI-23-459/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24474