Micropatches for Windows COM+ Event System Service Elevation of Privilege Vulnerability (CVE-2022-41033)
Malware Analysis, News and Indicators - Latest topics malware.news
October 2022 Windows Updates brought a fix for CVE-2022-41033, a local privilege escalation vulnerability in Windows COM+ Event System Service. The vulnerability was reported to Microsoft by an anonymous source, but subsequently James Forshaw of Google Project Zero published their analysis, which included proof of concept code.
This "type confusion" vulnerability allows a local low-privileged attacker to provide a memory address of their choosing to vulnerable code. The POC demonstrates reading from such an address (and crashes the Event …