Lucene search
K

12 matches found

Vulnrichment
Vulnrichment
added 2022/04/15 7:5 p.m.16 views

CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability

...

7CVSS6.8AI score0.09817EPSS
Exploits2References1
CVE
CVE
added 2022/04/15 7:5 p.m.1120 views

CVE-2022-26904

CVE-2022-26904 is a Windows User Profile Service Elevation of Privilege vulnerability. The issue is a race-condition–driven LPE in the User Profile Service, with attacker-controlled code execution at SYSTEM granted by bypasses and PoCs described in public sources. A Metasploit module exists for t...

7CVSS8.2AI score0.09817EPSS
In wildExploits2References2Affected Software17
hivepro
hivepro
added 2022/04/14 5:8 a.m.63 views

Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 128 vulnerabilities in there April patch Tuesday update. Two of them have been categorized as zero-day vulnerabilities. One of the two zero-days is exploited-in-the-wild as well. The vulnerability,...

4.6CVSS1.4AI score0.09817EPSS
Exploits4
The Hacker News
The Hacker News
added 2022/04/13 3:22 a.m.170 views

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

Microsoft's Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated...

10CVSS0.5AI score0.91316EPSS
Exploits22
Metasploit
Metasploit
added 2022/04/12 5:42 p.m.346 views

User Profile Arbitrary Junction Creation Local Privilege Elevation

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...

7.8CVSS8.4AI score0.14393EPSS
Exploits2
0day.today
0day.today
added 2022/04/12 12:0 a.m.1678 views

Windows User Profile Service Privlege Escalation Exploit

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...

7.8CVSS8.9AI score0.14393EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/04/12 12:0 a.m.83 views

KB5012632: Windows Server 2008 Security Update (April 2022)

The remote Windows host is missing security update 5012632 or cumulative update 5012658. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

10CVSS8.4AI score0.91316EPSS
Exploits20References47
Tenable Nessus
Tenable Nessus
added 2022/04/12 12:0 a.m.115 views

KB5012670: Windows 8.1 and Windows Server 2012 R2 Security Update (April 2022)

The remote Windows host is missing security update 5012639 or cumulative update 5012670. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2022-24474, CVE-2022-24481, CVE-2022-24494,...

10CVSS8.1AI score0.91316EPSS
Exploits23References66
Tenable Nessus
Tenable Nessus
added 2022/04/12 12:0 a.m.79 views

KB5012666: Windows Server 2012 Security Update (April 2022)

The remote Windows host is missing security update 5012666 or cumulative update 5012650. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

10CVSS8.2AI score0.91316EPSS
Exploits21References57
Tenable Nessus
Tenable Nessus
added 2022/04/12 12:0 a.m.75 views

KB5012653: Windows 10 version 1507 LTS Security Update (April 2022)

The remote Windows host is missing security update 5012653. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2022-26798, CVE-2022-26801, CVE-2022-26786, CVE-2022-24549, CVE-2022-26794,...

10CVSS8.1AI score0.91316EPSS
Exploits23References54
Rapid7 Blog
Rapid7 Blog
added 2022/04/08 5:50 p.m.602 views

Metasploit Wrap-Up

Windows Local Privilege Escalation for standard users In this week’s release, we have an exciting new module that has been added by our very own Grant Willcox which exploits CVE-2022-26904, and allows for normal users to execute code as NT AUTHORITY/SYSTEM on Windows machines from Windows 7 up to...

10CVSS0.8AI score0.68733EPSS
Exploits7
Circl
Circl
added 2022/03/28 11:0 a.m.16 views

CVE-2022-26904

creationtimestamp| type| source ---|---|--- 2022-03-28 11:00:54+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/5692 2022-04-11 20:28:05+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve202226904superprofile.rb...

7CVSS7.4AI score0.09817EPSS
Exploits2References11
Rows per page
Query Builder