Lucene search
K

13 matches found

Metasploit
Metasploit
added 2022/04/12 5:42 p.m.347 views

User Profile Arbitrary Junction Creation Local Privilege Elevation

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...

7.8CVSS8.4AI score0.14393EPSS
Exploits2
0day.today
0day.today
added 2022/04/12 12:0 a.m.1689 views

Windows User Profile Service Privlege Escalation Exploit

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...

7.8CVSS8.9AI score0.14393EPSS
Exploits2
hivepro
hivepro
added 2022/03/25 1:56 p.m.60 views

Microsoft’s privilege escalation vulnerability that refuses to go away

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here After seven months, a vulnerability that was addressed in August 2021 patch Tuesday remained unpatched. This locally exploited vulnerability is tracked as CVE-2021-34484 and affects the Windows User Profile Service. While...

6.9CVSS0.9AI score0.14393EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/01/12 6:42 a.m.169 views

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated...

10CVSS0.6AI score0.9279EPSS
Exploits24
Circl
Circl
added 2022/01/12 12:17 a.m.26 views

CVE-2022-21919

creationtimestamp| type| source ---|---|--- 2022-01-12 00:17:29+00:00| seen| https://t.me/cibsecurity/35279 2022-01-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=715 2022-01-12 13:10:46+00:00| published-proof-of-concept| https://t.me/poxek/449 2022-01-12 14:49:26+00:0...

7CVSS7.4AI score0.0295EPSS
Exploits2References10
ThreatPost
ThreatPost
added 2022/01/11 9:54 p.m.83 views

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days. The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows...

10CVSS9.2AI score0.9279EPSS
Exploits24References22
NVD
NVD
added 2022/01/11 9:15 p.m.21 views

CVE-2022-21919

Windows User Profile Service Elevation of Privilege Vulnerability...

7CVSS0.0295EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2022/01/11 8:23 p.m.14 views

CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability

...

7CVSS7.2AI score0.0295EPSS
Exploits2References1
CVE
CVE
added 2022/01/11 8:23 p.m.1175 views

CVE-2022-21919

CVE-2022-21919 is a Windows User Profile Service elevation-of-privilege bug. Connected docs describe the root cause as improper validation in profext.dll’s CreateDirectoryJunction, enabling a directory junction attack to escalate to SYSTEM by abusing UI/UX (Narrator/consent.exe) and UAC. Some sou...

7CVSS8.2AI score0.0295EPSS
In wildExploits2References3Affected Software17
ATTACKERKB
ATTACKERKB
added 2022/01/11 12:0 a.m.269 views

CVE-2022-21919

Windows User Profile Service Elevation of Privilege Vulnerability Recent assessments: gwillcox-r7 at January 12, 2022 12:07am UTC reported: Update: As predicted there is a patch bypass for this, now labled as CVE-2022-26904 According to https://twitter.com/KLINIX5/status/1480996599165763587 this...

7.8CVSS8.6AI score0.14393EPSS
In wildExploits2References3
Tenable Nessus
Tenable Nessus
added 2022/01/11 12:0 a.m.99 views

KB5009557: Windows 10 Version 1809 and Windows Server 2019 Security Update (January 2022)

The remote Windows host is missing security update 5009557. It is, therefore, affected by multiple vulnerabilities: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2022-21836 - A denial of service DoS vulnerabilit...

10CVSS7.8AI score0.9279EPSS
Exploits33References83
Tenable Nessus
Tenable Nessus
added 2022/01/11 12:0 a.m.53 views

KB5009543: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (January 2022)

The remote Windows host is missing security update 5009543. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-21849, CVE-2022-21850,...

10CVSS7.8AI score0.9279EPSS
Exploits33References82
Tenable Nessus
Tenable Nessus
added 2022/01/11 12:0 a.m.97 views

KB5009595: Windows 8.1 and Windows Server 2012 R2 Security Updates (January 2022)

The remote Windows host is missing security update 5009595 or cumulative update 5009624. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services...

9.3CVSS7.9AI score0.25019EPSS
Exploits3References54
Rows per page
Query Builder