Microsoft Windows Storage Spaces Controller Privilege Escalation Vulnerability

A vulnerability allowing integer overflow or wraparound has been identified in Windows Storage Spaces Controller. This flaw enables an authorized attacker to locally elevate privileges. The vulnerability affects multiple Windows versions, including Windows Server 2012 R2, Windows Server 2016, various Windows 10 versions, Windows 11, and Windows Server 2022.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM privileges.

Remediation

Users can apply the security update for their specific Windows version. For Windows Server 2012 R2, the update is available as part of the Monthly Rollup. Windows Server 2016 users can download the security update through the Microsoft Update Catalog. For Windows 10 and Windows 11, security updates can also be obtained via the Microsoft Update Catalog. Windows Server 2022 users should refer to the same update catalog for the security hotpatch update.