Microsoft Windows SSDP Service Privilege Escalation Vulnerability

A type confusion vulnerability has been identified in the Windows Simple Search and Discovery Protocol (SSDP) Service. This vulnerability allows an authorized attacker to elevate privileges locally. The issue arises from the access of resources using incompatible types, which could potentially be exploited to crash the system by leveraging a related use-after-free vulnerability.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a standard user to gain elevated rights and potentially disrupt system stability by causing crashes.

Remediation

Users can apply the security updates provided in the Microsoft Knowledge Base articles KB5062597, KB5062592, KB5062632, KB5062619, KB5062624, KB5062618, and KB5062624 for Windows Server 2008 for 32-bit Systems Service Pack 2. These updates are available through the Microsoft Update Catalog.