CVE-2022-24459 – Windows Fax and Scan Service Elevation of Privilege Vulnerability
Zero-Day Vulnerability
CVSS score: 7.8
Attack Vector: The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document).
Attack Complexity: Low
Privileges Required: Some privileges are required for the attacker to perform the attack.
User Interaction: Successful exploitation of this vulnerability does not require any user interaction.
Impact: High against Confidentiality, Integrity and Availability
Exploit Code: Proof of Concept published
Remediation Level: Microsoft has provided a patch
Impacted Software: Windows Fax and Scan Service
Vulnerable Operating Systems:
- Windows Server 2008 R2
- Windows Server 2008
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2016
- Windows Server 20H2
- Windows Server 2022
- Windows Server 2019
- Windows RT 8.1
- Windows 10 32 bit
- Windows 10 21H2
- Windows 10 1607
- Windows 10 Version 21H1
- Windows 10 Version 1909
- Windows 10 Version 1809
- Windows 10 Version 20H2
- Windows 11
- Windows 8.1
- Windows 7