Lucene search
Abdelhamid NaceriZDI-22-050HistoryJan 13, 2022 - 12:00 a.m.
Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability
2022-01-1300:00:00
Abdelhamid Naceri
www.zerodayinitiative.com
18
0.001 Low
EPSS
Percentile
27.8%
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a directory junction, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
cvelist
cvelist
cve
cve
CVE-2022-21895
2022-01-11 21:15:12
mscve
mscve
Windows User Profile Service Elevation of Privilege Vulnerability
2022-01-11 08:00:00
nvd
nvd
CVE-2022-21895
2022-01-11 21:15:12
prion
prion
Privilege escalation
2022-01-11 21:15:00
nessus
nessus
KB5009619: Windows Server 2012 Security Update (January 2022)
2022-01-11 00:00:00
mskb
mskb
January 11, 2022âKB5009595 (Security-only update)
2022-01-11 08:00:00
January 11, 2022âKB5009586 (Monthly Rollup)
2022-01-11 08:00:00
January 11, 2022âKB5009619 (Security-only update)
2022-01-11 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5009624)
2022-01-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5009585)
2022-01-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5009546)
2022-01-12 00:00:00
kaspersky
kaspersky
KLA12423 Multiple vulnerabilities in Microsoft Products (ESU)
2022-01-11 00:00:00
KLA12422 Multiple vulnerabilities in Microsoft Windows
2022-01-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2022
2022-01-11 21:41:56