Description
An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the p2pimsvc service handles processes these requests.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Microsoft / Windows 101709 – 1709
- Microsoft / Windows 101703 – 1703
- Microsoft / Windows 101903 – 1903
- Microsoft / windows_10_1507
- Microsoft / windows_10_1507
- Microsoft / windows_10_1607
- Microsoft / windows_10_1607
- Microsoft / windows_10_1803
- Microsoft / windows_10_1803
- Microsoft / windows_10_1809
- Microsoft / windows_10_1809
- Microsoft / windows_10_1809
- Microsoft / Windows 7
- Microsoft / Windows 7
- Microsoft / Windows 8.1
- Microsoft / Windows 8.1
- Microsoft / windows_rt_8.1
- Microsoft / windows_server_1803
- Microsoft / windows_server_1903
- Microsoft / windows_server_2008
- Microsoft / windows_server_2008_R2
- Microsoft / windows_server_2008_R2
- Microsoft / windows_server_2008_sp2
- Microsoft / windows_server_2008_sp2
- Microsoft / Windows Server 2012
- Microsoft / Windows Server 2012 R2
- Microsoft / Windows Server 2016
- Microsoft / Windows Server 2019