Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Microsoft Windows Fast FAT Driver Integer Overflow Vulnerability Leading to Local Code Execution

Vulnerability

A remote code execution vulnerability has been identified in the Windows Fast FAT Driver, affecting multiple versions of Windows 10, Windows 11, and Windows Server. It arises from an integer overflow or wraparound, which an unauthorized attacker can exploit by tricking a local user into mounting a specially crafted virtual hard disk (VHD) or inserting malicious FAT-formatted media. Successful exploitation lets the attacker execute code locally with elevated privileges.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, a local user must be convinced to mount a malicious VHD file or to insert FAT-formatted media that has been crafted to exploit the integer overflow in the Fast FAT Driver. Once the VHD is mounted or the media is accessed, the vulnerability can be exploited, leading to unauthorized code execution.

Remediation

Users can apply the official security updates from Microsoft to address this vulnerability. These updates are available through the Microsoft Update Catalog. Additionally, the Windows Fast FAT File System Driver can be disabled to prevent the system from mounting FAT-formatted volumes, and Group Policy can be used to restrict VHD mounting permissions to administrators only.
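
The read-only audit below is an added example, not code from this advisory or from Microsoft. It reports the state of the mitigations listed above on one host. It assumes the driver's service key is `fastfat`, that a `Start` value of 4 means disabled (standard Windows service configuration), and that the built-in Storage module is available; the function name is hypothetical.

```powershell
# Added example: read-only audit of the Fast FAT mitigations on the local host.
# Assumes Windows PowerShell 5.1+ and the built-in Storage module.

function Get-FastFatExposure {
    $svcKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\fastfat'
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    # Driver start type: 4 means the driver will not load, so FAT volumes cannot mount.
    $start = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction SilentlyContinue).Start
    $startText = if ($null -eq $start) { 'KeyNotFound' } else { $startNames[[int]$start] }

    # Volumes currently mounted as FAT/FAT32 ('^FAT' deliberately excludes exFAT,
    # which is served by a different driver).
    $fatVolumes = @(Get-Volume |
        Where-Object { $_.FileSystem -match '^FAT' } |
        Select-Object DriveLetter, FileSystemLabel, FileSystem, DriveType, Size)

    # Disks backed by a VHD/VHDX file that are attached right now.
    $virtualDisks = @(Get-Disk |
        Where-Object { $_.BusType -eq 'File Backed Virtual' } |
        Select-Object Number, FriendlyName, Location)

    # The advisory names no update identifier, so only the most recent installed
    # update is reported; compare it with the Microsoft Update Catalog manually.
    $lastFix = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        FastFatStart         = $startText
        DriverDisabled       = ($start -eq 4)
        MountedFatVolumes    = $fatVolumes
        AttachedVirtualDisks = $virtualDisks
        LatestHotFix         = if ($lastFix) { "$($lastFix.HotFixID) ($($lastFix.InstalledOn.ToString('yyyy-MM-dd')))" } else { 'None reported' }
    }
}

# Print a summary, then the detail lists an administrator would review.
$report = Get-FastFatExposure
$report | Format-List ComputerName, FastFatStart, DriverDisabled, LatestHotFix
$report.MountedFatVolumes    | Format-Table -AutoSize
$report.AttachedVirtualDisks | Format-Table -AutoSize
```

The EFI System Partition is FAT32, so test the effect of disabling the driver on a representative machine before rolling it out broadly.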

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 7.5
exploitability: 6.1
remediation: 8.3
relevance: 0.0
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.