all InfoSec news
Micropatch Released for Windows Authentication Elevation of Privilege Vulnerability (CVE-2023-36047)
Malware Analysis, News and Indicators - Latest topics malware.news
We have just released a micropatch for CVE-2023-36047,
a local privilege escalation vulnerability found by Filip Dragović in the way Windows handle files when a user changes their account picture. Filip discovered that on Windows 11, when you change your account picture, this picture is copied to a destination folder by a privileged process (the “User Manager” service). Since this folder is under user’s control, they can set up symbolic links to “redirect” the copying to an arbitrary location. …
account authentication change cve elevation of privilege escalation files folder found local local privilege escalation micropatch privilege privilege escalation vulnerability windows windows 11