SB2017031418 - Privilege escalation in Microsoft Windows HelpPane
Published: March 14, 2017 Updated: March 16, 2017
Security Bulletin ID
SB2017031418
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Privilege escalation (CVE-ID: CVE-2017-0100)
The vulnerability allows a local user to elevate privileges.
The vulnerability exists due to failure to properly authenticate a client in when a DCOM object in Helppane.exe configured to run as the interactive user. A local user can execute specially crafted application and gain elevated privileges once another user is logged in to the same system via Terminal Services or Fast User Switching.
Successful exploitation of this vulnerability may allow an attacker to escalate privileges on the system.
Remediation
Install update from vendor's website.