Microsoft Windows Push Notifications Privilege Escalation Vulnerability

A type confusion vulnerability in Windows Push Notifications has been identified, allowing an authorized attacker to elevate privileges locally. This issue affects several versions of Windows, including various releases of Windows Server, Windows 10, and Windows 11. The vulnerability arises from the access of resources using incompatible types, which could be exploited to move from a low integrity level in a sandboxed environment to a medium integrity level.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain higher-level permissions and potentially access or modify restricted resources or system functions.

Remediation

Users can apply the security updates provided by Microsoft to address this vulnerability. These security updates are available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5063875, KB5063871, KB5063880, KB5063709, and others listed in the vulnerability details.