Microsoft Edge Elevation Service COM Interface Privilege Vulnerability Allowing Security Feature Bypass

Vulnerability

A vulnerability exists in the Microsoft Edge Elevation Service: a privileged COM interface fails to properly validate the privileges of the calling process. This flaw allows standard (non-administrator) local users to invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, which causes the service to execute privileged update commands with LocalSystem rights. A non-administrator can thereby modify protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard, effectively enabling or disabling Windows Virtualization-Based Security (VBS). Disabling VBS undermines critical platform protections, such as Credential Guard, Hypervisor-protected Code Integrity (HVCI), and the Secure Kernel, leading to a security feature bypass.

Impact

Exploitation of this vulnerability allows a local user to disable or enable Windows VBS without administrative privileges, bypassing important platform security measures. While this does not directly grant code execution as another user, it weakens system security, potentially facilitating follow-on attacks.

Remediation

Users are advised to consult the Microsoft Edge Release Notes for security update details and to download the latest security update for Microsoft Edge (Chromium-based) from the Microsoft Edge Update Guide.
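
Because the flaw lets a standard user change the DeviceGuard configuration, it is worth confirming after patching that VBS is still configured and running. The script below is an added example, not Microsoft's or this page's code; the registry value names and the Win32_DeviceGuard CIM class are standard Windows items that this page does not itself name, and the assumption is that the host is meant to run VBS.

```powershell
# Added example: compare configured vs. running VBS state on the local host.
# Read-only; run in Windows PowerShell 5.1 or PowerShell 7 on Windows.
$dgKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
$hvciKey = Join-Path $dgKey 'Scenarios\HypervisorEnforcedCodeIntegrity'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent (setting not configured here).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Configured state: what the registry requests; VBS settings are applied at boot.
$cfgVbs  = Get-RegValue $dgKey   'EnableVirtualizationBasedSecurity'
$cfgHvci = Get-RegValue $hvciKey 'Enabled'

# Running state: what the current boot session actually enforces.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$vbsStatus = if ($dg) { $dg.VirtualizationBasedSecurityStatus } else { $null }
$running   = if ($dg) { @($dg.SecurityServicesRunning) } else { @() }

$findings = @()
if ($cfgVbs -eq 0)    { $findings += 'Registry sets EnableVirtualizationBasedSecurity = 0' }
if ($cfgHvci -eq 0)   { $findings += 'Registry sets HVCI Enabled = 0' }
if ($vbsStatus -ne 2) { $findings += "VBS is not running (status: $vbsStatus)" }
if ($vbsStatus -eq 2 -and $cfgVbs -eq 0) {
    # Running state and configuration disagree: the setting changed since boot.
    $findings += 'VBS running now but configured off; it will be off after reboot'
}

[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    ConfiguredVbs         = $cfgVbs
    ConfiguredHvci        = $cfgHvci
    VbsStatus             = $vbsStatus   # 0 = off, 1 = enabled but not running, 2 = running
    CredentialGuardActive = $running -contains 1
    HvciActive            = $running -contains 2
    Findings              = $findings -join '; '
}
```

An empty Findings field means the configured and running states both show VBS on; any finding on a host whose baseline requires VBS warrants a look at who changed the key and when.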

Added: Jan 16, 2026, 10:19 PM
Updated: Jan 16, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 10.0
exploitability: 3.3
remediation: 7.7
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.