Microsoft Visual Studio Tools for Applications and SQL Server Management Studio Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing unauthorized privilege escalation has been identified in Visual Studio Tools for Applications (VSTA) 2019, VSTA 2022, and SQL Server Management Studio (SSMS) 20.2. This vulnerability arises from an uncontrolled search path element, which could be exploited by an authenticated attacker to gain elevated privileges locally.

Impact

Exploitation of this vulnerability could allow an authenticated user to gain elevated privileges on the local system.

Reproduction

To reproduce this vulnerability, an authenticated attacker must place a specially crafted .dll file in a local network location. When the victim accesses this location and executes the file, the malicious DLL is loaded, leading to privilege escalation.
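The weakness behind this advisory is a library resolved from a location the attacker can write to rather than from the application's own install directory. From a defender's side, the most useful signal is an image-load record showing the affected process pulling a DLL from a network share or another untrusted directory, or loading a DLL without a valid signature. The script below is an added example, not code from the advisory, Microsoft, or the rating vendor: it parses constructed image-load records whose fields are modeled on Sysmon Event ID 7 (Image, ImageLoaded, Signed, SignatureStatus), restricts attention to an assumed set of process names (Ssms.exe and VSTA.exe are assumptions, as are the install paths and share names in the sample data), and flags loads that match the uncontrolled-search-path pattern.

```python
"""Flag DLL image loads that fit an uncontrolled-search-path pattern.

Added example; not part of the advisory. Field names follow Sysmon
Event ID 7 (Image loaded), but the records here are a constructed,
simplified key=value form, not real exported events.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Directories from which the affected applications are expected to load
# libraries. Anything else (user profiles, temp, UNC shares) is suspect.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Assumed process names for the affected products (not taken from the advisory).
WATCHED_PROCESSES = {"ssms.exe", "vsta.exe"}


@dataclass(frozen=True)
class ImageLoad:
    image: str            # process that performed the load
    image_loaded: str     # full path of the DLL that was mapped
    signed: bool          # Sysmon "Signed" field
    signature_status: str  # Sysmon "SignatureStatus" field (e.g. Valid)


def parse_event(line: str) -> ImageLoad:
    """Parse one 'Key=Value|Key=Value' record into an ImageLoad."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return ImageLoad(
        image=fields["Image"],
        image_loaded=fields["ImageLoaded"],
        signed=fields.get("Signed", "false").lower() == "true",
        signature_status=fields.get("SignatureStatus", "Unavailable"),
    )


def is_trusted_path(path: str) -> bool:
    """True when the DLL lives under one of the expected install directories."""
    return path.lower().startswith(TRUSTED_PREFIXES)


def classify(ev: ImageLoad) -> List[str]:
    """Return the reasons a load is suspicious; empty list means benign."""
    reasons: List[str] = []
    process_name = ev.image.rsplit("\\", 1)[-1].lower()
    if process_name not in WATCHED_PROCESSES:
        return reasons
    if ev.image_loaded.startswith("\\\\"):
        reasons.append("dll loaded from a network (UNC) path")
    elif not is_trusted_path(ev.image_loaded):
        reasons.append("dll loaded from outside trusted install directories")
    if not ev.signed or ev.signature_status.lower() != "valid":
        reasons.append("dll not validly signed")
    return reasons


def scan(lines: List[str]) -> List[Tuple[ImageLoad, List[str]]]:
    """Run classify() over every non-empty record and keep the findings."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        reasons = classify(ev)
        if reasons:
            findings.append((ev, reasons))
    return findings


# Constructed sample records (paths, share names and hashes are made up).
SAMPLE_EVENTS = [
    "Image=C:\\Program Files\\ExampleInstallDir\\Ssms.exe|"
    "ImageLoaded=C:\\Windows\\System32\\kernel32.dll|Signed=true|SignatureStatus=Valid",
    "Image=C:\\Program Files\\ExampleInstallDir\\Ssms.exe|"
    "ImageLoaded=\\\\fileshare\\tools\\helper.dll|Signed=false|SignatureStatus=Unavailable",
    "Image=C:\\Program Files\\ExampleInstallDir\\Ssms.exe|"
    "ImageLoaded=C:\\Users\\alice\\Downloads\\helper.dll|Signed=true|SignatureStatus=Valid",
    "Image=C:\\Windows\\System32\\notepad.exe|"
    "ImageLoaded=\\\\fileshare\\tools\\helper.dll|Signed=false|SignatureStatus=Unavailable",
]

if __name__ == "__main__":
    for ev, reasons in scan(SAMPLE_EVENTS):
        print(f"{ev.image} loaded {ev.image_loaded}: {'; '.join(reasons)}")
```

On the sample data the first record is benign, the second is flagged for both the UNC source and the missing signature, the third is flagged for the path alone (a validly signed DLL sitting in a user profile is still not where the application should resolve it from), and the fourth is ignored because notepad.exe is not a watched process. Widening WATCHED_PROCESSES to every process turns this into a generic search-order-hijack detector; keeping it narrow keeps the noise down while the fix from the Remediation section is rolled out.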

Remediation

Users can apply the security update available through the Microsoft Update Catalog. For SQL Server Management Studio, the update can be downloaded from the SSMS release notes page. For Visual Studio Tools for Applications, the update is available on the VSTA 2019 and VSTA 2022 download pages.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 5.0
exploitability: 3.4
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.