Microsoft Windows Server 2012
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*
A privilege elevation vulnerability has been identified in the Windows Update Stack. It arises from improper link resolution before file access ('link following') and allows an authorized attacker to escalate privileges locally. The vulnerability affects several Windows versions, including Windows 10, Windows 11, and various Windows Server editions. Exploitation takes advantage of the absence or misuse of the 'C:\inetpub' directory, which is why the mitigation centers on that directory.
Exploitation of this vulnerability allows authenticated attackers to escalate privileges on the affected system, gaining the ability to perform file management operations in the context of the NT AUTHORITY\SYSTEM account.
Reproducing this vulnerability requires an authenticated user and relies on the 'link following' issue in the Windows Update Stack: file access links are manipulated so that the system fails to properly resolve them before accessing the files, which results in privilege escalation.
Users should apply the official security updates provided by Microsoft. These updates are available through the Microsoft Update Catalog. After installing the updates, a new 'C:\inetpub' folder will be created. This folder should not be deleted, as it is part of the mitigation process. For systems running Windows Server 2008 R2, the update is included in the Monthly Rollup. A PowerShell script is also available to create and secure the 'C:\inetpub' directory, removing any malicious symlinks and applying strict permissions.
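A read-only way to verify the state this remediation describes, as an added example (not Microsoft's script and not from the original page): it checks that `C:\inetpub` exists, is a real directory rather than a symlink or junction, and grants write access only to trusted principals. The function name `Test-InetpubHardening` and the trusted SID list (SYSTEM, Administrators, TrustedInstaller) are assumptions, since the page does not spell out the exact permissions.

```powershell
# Added example: read-only audit of the folder the update creates.
# Test-InetpubHardening and $TrustedSids are illustrative assumptions.
function Test-InetpubHardening {
    param(
        [string]$Path = 'C:\inetpub',
        # Assumed baseline: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
        [string[]]$TrustedSids = @(
            'S-1-5-18',
            'S-1-5-32-544',
            'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
        )
    )
    $findings = @()
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        $findings += "$Path does not exist"
    } else {
        if (-not $item.PSIsContainer) {
            $findings += "$Path is a file, not a directory"
        }
        # Symlinks and junctions both carry the ReparsePoint attribute.
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            $findings += "$Path is a reparse point ($($item.LinkType) -> $($item.Target))"
        }
        # Compare by SID so the check works on localized Windows installs.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $acl = Get-Acl -LiteralPath $Path
        $owner = $acl.GetOwner($sidType).Value
        if ($TrustedSids -notcontains $owner) {
            $findings += "Owner $owner is not on the trusted list"
        }
        $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            $sid = $rule.IdentityReference.Value
            if ($TrustedSids -contains $sid) { continue }
            if ($rule.FileSystemRights -band $writeMask) {
                $findings += "$sid is allowed $($rule.FileSystemRights)"
            }
        }
    }
    [pscustomobject]@{
        Path      = $Path
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-InetpubHardening | Format-List
```

Adjust `$TrustedSids` to match the ACL that the installed update or Microsoft's script actually applies before treating a finding as a deviation.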