"An attacker must first gain access to the system, subsequently running a specifically crafted application to exploit the vulnerability," explained Henry Smith, senior security engineer at Automox.
"This could lead to unauthorized execution of privileged RPC functions, potentially allowing the creation of new users or modification of system settings at a higher privilege level than the attacker initially possessed."
"Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability," the tech giant noted.
"Microsoft classifies this as less likely to be exploited, but it's a potentially bad bug nevertheless."
Collection
[
|
...
]