CVE-2023-21725 : Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Published 2023-01-10 22:15:17

Updated 2024-05-29 03:15:26

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2023-21725

Microsoft » Windows Malicious Software Removal Tool
Versions before (<) 5.109
cpe:2.3:a:microsoft:windows_malicious_software_removal_tool:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 32 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.3	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H	1.0	5.2	Microsoft Corporation
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: secure@microsoft.com (Secondary)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725

CVE-2023-21725 - Security Update Guide - Microsoft - Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Jump to