Microsoft Windows and Windows Server Elevation of Privilege Vulnerability in Multimedia Class Scheduler Service

A use-after-free vulnerability has been identified in the Multimedia Class Scheduler Service (MMCSS) on Microsoft Windows and Windows Server platforms. This vulnerability allows an authorized attacker to elevate privileges locally. The issue arises from improper memory management, leading to the potential for unauthorized access to elevated SYSTEM privileges.

Impact

Exploitation of this vulnerability could allow an authorized user to gain elevated privileges, potentially leading to unauthorized actions or access within the system.

Remediation

Users can apply the security update provided by Microsoft to address this vulnerability. This security update is available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5068781, KB5068791, KB5068861, KB5068865, KB5068779, KB5068840, and KB5068966.