Microsoft Virtual Hard Disk Privilege Escalation Vulnerability

A buffer over-read vulnerability has been identified in the Virtual Hard Disk (VHDX) component, allowing an unauthorized attacker to locally elevate privileges. This vulnerability could be exploited by tricking a user into mounting a specially crafted VHD, which would trigger the buffer over-read and potentially lead to unauthorized access or control.

Impact

Exploitation of this vulnerability could allow an attacker to gain SYSTEM privileges on the affected machine.

Remediation

Users can apply the security updates provided by Microsoft to address this vulnerability. These security updates can be downloaded via the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5062552, KB5062554, KB5062572, KB5062624, KB5062618, KB5062632, KB5062592, KB5062597, KB5062624, KB5062619, KB5062557, KB5062560, KB5062561, KB5062624, KB5062618, KB5062552, KB5062554, KB5062557, KB5062632, KB5062572.