Microsoft Virtual Hard Disk Privilege Escalation Vulnerability

A vulnerability allowing integer overflow or wraparound in the Virtual Hard Disk (VHDX) component has been identified. This flaw enables an unauthorized attacker to locally elevate privileges. The vulnerability arises when a local user is tricked into mounting a specially crafted VHD, which can then exploit the integer overflow to gain SYSTEM privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM rights on the affected machine.

Remediation

Users can apply the security updates provided by Microsoft to address this vulnerability. These security updates can be downloaded via the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5062552, KB5062554, KB5062557, KB5062570, KB5062597, KB5062553, and KB5062560.