Description
<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.</p> <p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p> <p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls..</p>
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Microsoft / Windows 101903 – 1903
- Microsoft / Windows 101709 – 1709
- Microsoft / windows_10_1507
- Microsoft / windows_10_1507
- Microsoft / windows_10_1607
- Microsoft / windows_10_1607
- Microsoft / windows_10_1803
- Microsoft / windows_10_1803
- Microsoft / windows_10_1809
- Microsoft / windows_10_1809
- Microsoft / windows_10_1809
- Microsoft / windows_10_1909
- Microsoft / windows_10_1909
- Microsoft / Windows 7
- Microsoft / Windows 7
- Microsoft / Windows 8.1
- Microsoft / Windows 8.1
- Microsoft / windows_rt_8.1
- Microsoft / windows_server_1903
- Microsoft / windows_server_1909
- Microsoft / windows_server_2004
- Microsoft / windows_server_2008_R2
- Microsoft / windows_server_2008_sp2
- Microsoft / windows_server_2008_sp2
- Microsoft / Windows Server 2012
- Microsoft / Windows Server 2012 R2
- Microsoft / Windows Server 2016
- Microsoft / Windows Server 2019