Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2022-41077

Опубликовано: 13 дек. 2022
Источник: msrc
CVSS3: 7.8
EPSS Низкий

Описание

Windows Fax Compose Form Elevation of Privilege Vulnerability

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

In what scenarios is my computer vulnerable?

For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable.

How can I verify whether the Fax service is running?

  1. Hold the Windows key and press R on your keyboard. This will open the Run dialog.
  2. Type services.msc and press Enter to open the Services window.
  3. Scroll through the list and locate the Fax service.
    • If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable.
    • If the Fax service is listed but the status is not Running, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.

Обновления

ПродуктСтатьяОбновление
Windows Server 2008 for 32-bit Systems Service Pack 2
50212895021293
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2
50212895021293
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
50212895021293
Monthly RollupSecurity Only
Windows 7 for 32-bit Systems Service Pack 1
50212915021288
Monthly RollupSecurity Only
Windows 7 for x64-based Systems Service Pack 1
50212915021288
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
50212915021288
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1
50212915021288
Monthly RollupSecurity Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
50212895021293
Monthly RollupSecurity Only
Windows Server 2012
50212855021303
Monthly RollupSecurity Only
Windows Server 2012 (Server Core installation)
50212855021303
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 48%
0.00248
Низкий

7.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-41077

CVSS3: 7.8
nvd
больше 2 лет назад

Windows Fax Compose Form Elevation of Privilege Vulnerability

github логотип

GHSA-f9g9-qcpx-rfvp

CVSS3: 7.8
github
больше 2 лет назад

Windows Fax Compose Form Elevation of Privilege Vulnerability.

fstec логотип

BDU:2022-07459

CVSS3: 7.8
fstec
больше 2 лет назад

Уязвимость компонента Fax Compose Form операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 48%
0.00248
Низкий

7.8 High

CVSS3