A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions.
A public proof-of-concept (PoC) exploit and technical details for an unpatched Windows zero-day privilege elevation vulnerability has been disclosed that allows users to gain SYSTEM privileges under certain conditions.
The good news is that the exploit requires a threat actor to know another user's user name and password to trigger the vulnerability, so it will likely not be widely abused in attacks.
The bad news is that it affects all versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.