Micropatch Released for Windows Authentication Elevation of Privilege Vulnerability (CVE-2023-36047) | allinfosecnews.com

May 30, 2024, 1:50 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

We have just released a micropatch for CVE-2023-36047,

a local privilege escalation vulnerability found by Filip Dragović in the way Windows handle files when a user changes their account picture. Filip discovered that on Windows 11, when you change your account picture, this picture is copied to a destination folder by a privileged process (the “User Manager” service). Since this folder is under user’s control, they can set up symbolic links to “redirect” the copying to an arbitrary location. …

account authentication change cve elevation of privilege escalation files folder found local local privilege escalation micropatch privilege privilege escalation vulnerability windows windows 11

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Who Has the Best Scanning Tools in China? 50 minutes ago | malware.news

china communications cybersecurity cybersecurity industry +16

Google details nightmare whack-a-mole scenario with Dragonbridge disinfo campaign an hour ago | malware.news

accounts arm article campaign +15

CDK Global outage likely to last until July, as ransom demand looms an hour ago | malware.news

across the us article blacksuit car +12

Phishing Reporter Release on July 27, 2024 an hour ago | malware.news

address administrators app awareness +21

Polyfill Fuels Supply Chain Concerns with Malicious Redirects: +100,000 Websites Affected an hour ago | malware.news

attack code library malicious +10

Lurking npm package makes the case for open source health checks an hour ago | malware.news

case easy health health checks +19

Federal Reserve “breached” data may actually belong to Evolve Bank 2 hours ago | malware.news

bank banking breached central +22

Over 100K sites hit by Polyfill.io supply chain attack 2 hours ago | malware.news

acquisition analytics article attack +13

Supply chain attack compromises WordPress plugins 2 hours ago | malware.news

account admin article attack +16

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California

View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel

View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN

View on infosec-jobs.com