Описание
Azure Local Elevation of Privilege Vulnerability
Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.
FAQ
What privileges would an attacker gain by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could load a non-Microsoft DLL into an enclave, potentially leading to code execution within the context of the target enclave.
Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?
Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Stack HCI OS 22H2 | ||
| Azure Stack HCI OS 23H2 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.8 High
CVSS3
Связанные уязвимости
Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.
Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.
Уязвимость гиперконвергентной инфраструктуры Microsoft Azure Stack (HCI), связанная с недостаточной проверкой входных данных, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3