Microsoft Windows Speech Improper Input Validation Vulnerability Allowing Privilege Escalation
Vulnerability
An improper input validation vulnerability has been identified in Microsoft Windows Speech. The flaw allows an authorized attacker to elevate privileges locally. It affects multiple Windows versions, including Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022. According to Microsoft, successful exploitation could grant SYSTEM privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM privileges.
Remediation
Users can download the security update for this vulnerability via the Microsoft Update Catalog. Security Update KB5066836 is available for Windows Server 2016, while KB5066837 can be downloaded for various Windows 10 and Windows 11 versions. For Windows Server 2022, the security update is also available through the Microsoft Update Catalog.
