Microsoft Windows UPnP Device Host Privilege Escalation Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Windows Universal Plug and Play (UPnP) Device Host. This vulnerability allows an authorized attacker to locally elevate privileges. The issue arises from improper memory management, which can be exploited to gain access to a limited set of administrator-protected objects.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated rights on the affected system.

Remediation

Users can apply the security update KB5082123 for Windows Server 2019, KB5082200 for Windows 10 versions 22H2, 21H2, and 1809, KB5083768 for Windows 11 version 26H1, KB5082198 for Windows Server 2016, and KB5082063 for Windows Server 2025. For Windows Server 2022, the security update is included in the monthly rollup. Instructions for downloading these security updates are available on the Microsoft Update Catalog.
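A host-side check for the updates listed above, as an added example that is not part of the original advisory. It assumes the OS caption contains the product name as written here and that the registry DisplayVersion reads "26H1" on that Windows 11 release. Get-HotFix only reports a KB that is still listed as installed, so a miss is not proof the host is unpatched.

```powershell
# KB-to-product mapping copied from the Remediation text above.
$KbByProduct = [ordered]@{
    'Windows Server 2016' = 'KB5082198'
    'Windows Server 2019' = 'KB5082123'
    'Windows Server 2025' = 'KB5082063'
    'Windows 10'          = 'KB5082200'   # versions 22H2, 21H2, 1809
    'Windows 11'          = 'KB5083768'   # version 26H1
}
# Client releases the page names for each client KB.
$ListedVersions = @{ 'Windows 10' = '22H2', '21H2', '1809'; 'Windows 11' = @('26H1') }

function Get-RequiredKb {
    param([string]$Caption, [string]$Version)
    # Server 2022 has no standalone KB on the page: the fix is in the monthly rollup.
    if ($Caption -match 'Windows Server 2022') { return 'MonthlyRollup' }
    foreach ($product in $KbByProduct.Keys) {
        if ($Caption -notmatch [regex]::Escape($product)) { continue }
        if ($ListedVersions.ContainsKey($product) -and
            $Version -notin $ListedVersions[$product]) {
            return $null   # client release not named in the advisory text
        }
        return $KbByProduct[$product]
    }
    return $null
}

# DisplayVersion is absent on 1809, which stores its release in ReleaseId instead.
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$version = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
$caption = (Get-CimInstance Win32_OperatingSystem).Caption
$kb      = Get-RequiredKb -Caption $caption -Version $version

if (-not $kb) {
    "${caption} (${version}): not listed in the advisory text"
} elseif ($kb -eq 'MonthlyRollup') {
    "${caption}: fix ships in the monthly rollup; confirm the latest rollup is installed"
} elseif (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    "${caption}: ${kb} is installed"
} else {
    "${caption}: ${kb} not found; a later cumulative update may have replaced it, check update history"
}
```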

Added: Apr 14, 2026, 10:16 PM
Updated: Apr 14, 2026, 10:16 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 3.3
remediation: 0.0
relevance: 5.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.