Microsoft Windows Hello Privilege Assignment Vulnerability Allowing Local Tampering

Vulnerability

A vulnerability has been identified in Windows Hello, related to incorrect privilege assignment. This flaw allows an unauthorized attacker to perform tampering actions locally. The issue affects multiple Microsoft products, including Windows Server 2016, Windows 10 (various versions and architectures), Windows Server 2022, Windows 11 (various versions and architectures), and Windows Server 2019.

Impact

Exploitation of this vulnerability could lead to unauthorized local tampering.

Remediation

Users can apply the security update KB5073722 for Windows Server 2016, Windows 10 Version 1607, and Windows 11 Version 24H2. For Windows Server 2025, the security update KB5073379 is available. Windows Server 2022, 23H2 Edition (Server Core installation) users can also apply the security update KB5073450. For Windows 10 Version 22H2 and Windows 11 Versions 23H2 and 25H2, security updates are available. Windows Server 2019 users can apply the security update KB5073723.
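A defender can confirm whether one of the updates named above is registered on a host. The following PowerShell is an added example, not part of the original advisory; the function name Test-AdvisoryPatch is hypothetical, and the KB identifiers are taken only from the remediation text. Get-HotFix lists only updates registered on the machine, so a host that has a later cumulative update installed in place of these KBs reports NotListed and needs a manual check.

```powershell
# Added example: KB-to-product mapping copied from the remediation text above.
# Windows 10 22H2 and Windows 11 23H2/25H2 are omitted: the page names no KB for them.
$AdvisoryKbs = [ordered]@{
    'KB5073722' = 'Windows Server 2016; Windows 10 Version 1607; Windows 11 Version 24H2'
    'KB5073379' = 'Windows Server 2025'
    'KB5073450' = 'Windows Server 2022, 23H2 Edition (Server Core installation)'
    'KB5073723' = 'Windows Server 2019'
}

function Test-AdvisoryPatch {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($computer in $ComputerName) {
            try {
                # List every registered update, then filter: asking Get-HotFix for a
                # missing -Id raises an error instead of returning nothing.
                $hits = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                    Where-Object { $_.HotFixID -in $AdvisoryKbs.Keys })
            }
            catch {
                [pscustomobject]@{ ComputerName = $computer; Status = 'QueryFailed'
                    KB = $null; InstalledOn = $null; Detail = $_.Exception.Message }
                continue
            }
            if ($hits.Count -eq 0) {
                [pscustomobject]@{ ComputerName = $computer; Status = 'NotListed'
                    KB = $null; InstalledOn = $null
                    Detail = 'No advisory KB registered; check for a superseding update' }
                continue
            }
            foreach ($hit in $hits) {
                [pscustomobject]@{ ComputerName = $computer; Status = 'Installed'
                    KB = $hit.HotFixID; InstalledOn = $hit.InstalledOn
                    Detail = $AdvisoryKbs[$hit.HotFixID] }
            }
        }
    }
}

Test-AdvisoryPatch | Format-Table -AutoSize
```

Host names can be piped in to check several machines, for example from a text file read with Get-Content.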

Added: Jan 13, 2026, 7:51 PM
Updated: Jan 13, 2026, 7:51 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.