all InfoSec news
Micropatches for Local Privilege Escalation in Microsoft Installer (CVE-2023-21880)
Malware Analysis, News and Indicators - Latest topics malware.news
February 2023 Windows Updates brought a fix for CVE-2023-21800,
a vulnerability in Windows Installer that allows a local low-privileged attacker to run their code as Local System. The
vulnerability was reported to Microsoft by Adrian Denkiewicz with Doyensec. Adrian subsequently wrote an article detailing the vulnerability, which allowed us to reproduce it and create a patch for our users.
The
vulnerability is in one sense a typical symbolic link issue, the types of which we've been seeing …
article code cve escalation february fix installer issue link local local privilege escalation low microsoft patch privilege privileged privilege escalation run system types updates vulnerability windows windows updates