Microsoft Windows Authentication Elevation of Privilege Vulnerability

Vulnerability

A vulnerability has been identified in Windows Authentication Methods, where improper validation of certain input types allows an authorized attacker to locally elevate privileges. This issue affects multiple Windows Server and client versions, including Windows Server 2008 R2, Windows Server 2012 R2, Windows 10 (various versions), Windows 11 (various versions), and Windows Server 2022. The vulnerability could be exploited by an attacker who has logged on to the system, either by running a specially crafted application or by convincing a local user to open a malicious file.

Impact

Exploitation of this vulnerability could allow an attacker to gain administrator privileges on the affected system.

Remediation

Users can apply the security update for this vulnerability, which is available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles linked in the product update guidance.

Added: Oct 14, 2025, 6:04 PM
Updated: Oct 14, 2025, 8:31 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 7.5
exploitability: 3.0
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.