SB2022110813 - Multiple vulnerabilities in Microsoft Windows Win32k

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-41109)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the way BoundClipRGNToSurface merges surfaces in Win32k UMPD. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with SYSTEM privileges.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-41092)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Win32k, which leads to security restrictions bypass and privilege escalation.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41109
• https://ssd-disclosure.com/win32k-user-mode-printer-drivers-startdoc-uaf
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41092