First published: Tue Jan 11 2022(Updated: )
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SilentCleanup scheduled task. By creating a symbolic link, an attacker can abuse the task to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
=20H2 | ||
=20H2 | ||
=20H2 | ||
=20H2 | ||
=1809 | ||
=1809 | ||
=1809 | ||
=1607 | ||
=1607 | ||
=21H1 | ||
=21H1 | ||
=21H1 | ||
=21H2 | ||
=21H2 | ||
=21H2 | ||
=21H2 | ||
=21H2 | ||
=1909 | ||
=1909 | ||
=1909 | ||
Microsoft Windows 10 | ||
Microsoft Windows 10 | =20h2 | |
Microsoft Windows 10 | =21h1 | |
Microsoft Windows 10 | =21h2 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows 11 | ||
Microsoft Windows 11 | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 8.1 | ||
Microsoft Windows 8.1 | ||
Microsoft Windows Server | =20h2 | |
Microsoft Windows Server | =2022 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2012 | ||
Microsoft Windows Server 2012 | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2019 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.