all InfoSec news
Micropatches Released For Microsoft Windows XAML diagnostics API Elevation of Privilege (CVE-2023-36003)
Malware Analysis, News and Indicators - Latest topics malware.news
December 2023 Windows Updates brought a patch for CVE-2023-36003, a privilege escalation vulnerability in Microsoft Windows XAML diagnostics API. The vulnerability allows a low-privileged Windows process to execute arbitrary code in a higher-privileged process running in the same user session, and is therefore useful for elevating from a non-admin to admin user.
Security researcher Michael Maltsev, who found this vulnerability and reported it to Microsoft in July 2023, wrote a detailed article and published a POC. These …
api arbitrary code code cve december december 2023 elevation of privilege escalation higher low microsoft microsoft windows patch privilege privileged privilege escalation process running session updates vulnerability windows windows updates