Once an attacker gets onto a victim’s computer, they can exploit an LPE (Local Privilege Escalation) vulnerability to then take over the system and follow through with the attack. The vulnerability was discovered as part of a regular study of popular programs and the vendor was informed immediately as part of the responsible disclosure policy. The Microsoft team patched the issue shortly after, and all users should install the update as soon as possible,
Head of the Vulnerability Analysis Group at the PT Expert Security Centre, Sergey Tarasov, made a statement.
An attacker might obtain SYSTEM privileges if they were successful in exploiting this vulnerability. The problem was discovered by Positive Technologies’ Sergey Tarasov.
About the Vulnerability : Local Privilege Escalation (LPE) vulnerability
The Win32k driver’s improper handling of environment menus, which might be exploited to execute arbitrary code in kernel mode, is the subject of CVE-2017-0263. After that, an attacker might install apps, view, change, or remove data, or make new accounts with system access
An attacker could be able to elevate user privileges to the system level. According to PT Expert Security Center’s expertise, attackers employ this method in order to obtain access to the most important parts of the system, and it is typically a prerequisite for the attack’s advancement.
Systems Vulnerable To The Vulnerability
Windows Server 2025
Windows Server 2025 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems