Source: myhack58 | Author: Anonymous | ID: MYHACK58:62201786826
Jun 08, 2017 - 12:00 a.m.

CVE-2017-0213 Windows COM elevation of privilege vulnerability - vulnerability warning - the black bar safety net

www.myhack58.com

CVSS3: 4.7 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS2: 1.9 Low
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.01 Low
Percentile: 81.5%

CVE-2017-0213 is an elevation of privilege vulnerability in a Windows COM component. Take a look at the advisory for this vulnerability:

<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213>

A privilege escalation vulnerability exists in the implementation of the Windows COM Aggregate Marshaler that allows a remote attacker to elevate privileges and execute arbitrary code.

In plain terms: wrapping a COM component can be used to escalate privileges.

Microsoft's official description:

An elevation of privilege vulnerability exists in the Windows COM package. An attacker who successfully exploited the vulnerability could run arbitrary code with higher privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to run. However, the vulnerability may be used together with one or more other vulnerabilities, such as a remote code execution vulnerability and another elevation of privilege, to run with elevated privileges.

The affected versions are as follows:

| Product | Version | Update | Tested |
|---|---|---|---|
| Windows 10 | | | √ |
| Windows 10 | 1511 | | |
| Windows 10 | 1607 | | |
| Windows 10 | 1703 | | √ |
| Windows 7 | | SP1 | √ |
| Windows 8.1 | | | |
| Windows RT 8.1 | | | |
| Windows Server 2008 | | SP2 | |
| Windows Server 2008 | R2 | SP1 | |
| Windows Server 2012 | | | |
| Windows Server 2012 | R2 | | |
| Windows Server 2016 | | | |
