Описание
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
FAQ
What privileges would an attacker gain by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could potentially leak data from the target enclave or execute code within the context of the target enclave.
Are there any additional steps that I need to follow to be protected from this vulnerability?
The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 11 Version 22H2 for ARM64-based Systems | ||
| Windows 11 Version 22H2 for x64-based Systems | ||
| Windows 11 Version 23H2 for ARM64-based Systems | ||
| Windows 11 Version 23H2 for x64-based Systems | ||
| Windows 11 Version 24H2 for ARM64-based Systems | ||
| Windows 11 Version 24H2 for x64-based Systems | ||
| Windows 11 Version 25H2 for ARM64-based Systems | ||
| Windows 11 Version 25H2 for x64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7 High
CVSS3
Связанные уязвимости
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
EPSS
7 High
CVSS3