12 September 2024

Security I Trust

Helping you build Security and Trust

CVE-2022-24459 – Windows Fax and Scan Service Elevation of Privilege Vulnerability

Zero-Day Vulnerability
CVSS score: 7.8
Attack Vector: The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document).

Attack Complexity: Low
Privileges Required: Some privileges are required for the attacker to perform the attack
User Interaction: Successful exploitation of this vulnerability does not require any user interaction.
Impact: High against Confidentiality, Integrity and Availability
Exploit Code: Proof of Concept published
Remediation Level: Microsoft has provided a patch
Impacted Software: Windows Fax and Scan Service

Vulnerable Operating Systems:

  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2016
  • Windows Server 20H2
  • Windows Server 2022
  • Windows Server 2019
  • Windows RT 8.1
  • Windows 10 32 bit
  • Windows 10 21H2
  • Windows 10 1607
  • Windows 10 Version 21H1
  • Windows 10 Version 1909
  • Windows 10 Version 1809
  • Windows 10 Version 20H2
  • Windows 11
  • Windows 8.1
  • Windows 7
