Severity
Medium
Analysis Summary
A class of bugs in several Windows kernel-mode drivers could allow a local attacker to escalate privileges. The flaws stem from missing access checks when the drivers handle file create/open requests (IRP_MJ_CREATE).
The affected drivers do not perform the full set of access checks when handling IRP_MJ_CREATE. The I/O manager lets kernel-mode callers ask for the normal access checks to be enforced on an open performed on behalf of a user (the SL_FORCE_ACCESS_CHECK flag in the I/O stack location), but these drivers decide on access from Irp->RequestorMode alone and skip the checks whenever it is KernelMode.
An attacker who controls the arguments of a file create/open call that a kernel component issues on behalf of a user-mode request can therefore have an IRP_MJ_CREATE delivered to the driver with RequestorMode set to KernelMode, bypass the driver's access check, and escalate privileges.
The bug class requires two separate components: an initiator, kernel-mode code that opens a user-controlled path on behalf of a user-mode caller and relies on the I/O manager to enforce access checks, and a receiver, a driver whose IRP_MJ_CREATE handler trusts Irp->RequestorMode alone.
An attacker would need to be able to direct the initiator to open a device object that is handled by the receiver. The receiver's security check is then bypassed because Irp->RequestorMode is KernelMode, while the SL_FORCE_ACCESS_CHECK flag, which signals that the checks must still be performed, is never examined.
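The following is an added example, not code from the advisory's source or from any Windows driver: a user-mode C model of the receiver's decision, with the vulnerable check beside a hardened one that honours the force-access-check flag. The names Irp->RequestorMode, IO_STACK_LOCATION.Flags and SL_FORCE_ACCESS_CHECK mirror the kernel headers; the IRP, IO_STACK_LOCATION and CALLER_CONTEXT structures are cut-down stand-ins, and se_access_check, build_create_request and open_allowed are hypothetical helpers standing in for SeAccessCheck and the I/O manager.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Modeled names. The values mirror the Windows kernel headers: the MODE
 * enumeration has KernelMode = 0 and UserMode = 1, and ntifs.h defines
 * SL_FORCE_ACCESS_CHECK as 0x01 in IO_STACK_LOCATION.Flags. */
typedef enum { KernelMode = 0, UserMode = 1 } KPROCESSOR_MODE;
#define SL_FORCE_ACCESS_CHECK 0x01

/* Minimal stand-ins for the two I/O manager structures a create handler reads. */
typedef struct { uint8_t Flags; } IO_STACK_LOCATION;
typedef struct { KPROCESSOR_MODE RequestorMode; } IRP;

/* Stand-in for the caller's security context (the token a real driver would
 * hand to SeAccessCheck). The only attribute modeled is whether the caller
 * is privileged enough to open the device. */
typedef struct { bool privileged; } CALLER_CONTEXT;

static bool se_access_check(const CALLER_CONTEXT *caller) {
    return caller->privileged;
}

/* Vulnerable receiver: trusts Irp->RequestorMode alone and never looks at
 * the stack-location flags, so a kernel-mode initiator that asked for the
 * access check to be enforced is waved through. */
bool vulnerable_create_allowed(const IRP *irp, const IO_STACK_LOCATION *sp,
                               const CALLER_CONTEXT *caller) {
    (void)sp;
    if (irp->RequestorMode == KernelMode)
        return true;
    return se_access_check(caller);
}

/* Hardened receiver: skips the check only for a genuine kernel-internal open,
 * i.e. RequestorMode is KernelMode AND SL_FORCE_ACCESS_CHECK is clear. */
bool hardened_create_allowed(const IRP *irp, const IO_STACK_LOCATION *sp,
                             const CALLER_CONTEXT *caller) {
    bool kernel_internal = irp->RequestorMode == KernelMode &&
                           (sp->Flags & SL_FORCE_ACCESS_CHECK) == 0;
    if (kernel_internal)
        return true;
    return se_access_check(caller);
}

/* Model of the initiator side. A direct user-mode open arrives with
 * RequestorMode == UserMode. A kernel component opening a path on behalf of
 * a user-mode request arrives with RequestorMode == KernelMode and, if it
 * asked the I/O manager to enforce checks, SL_FORCE_ACCESS_CHECK set in the
 * stack location. */
void build_create_request(IRP *irp, IO_STACK_LOCATION *sp,
                          bool from_kernel, bool force_access_check) {
    irp->RequestorMode = from_kernel ? KernelMode : UserMode;
    sp->Flags = (from_kernel && force_access_check) ? SL_FORCE_ACCESS_CHECK : 0;
}

/* Runs one scenario through either receiver and returns whether the open
 * was allowed. */
bool open_allowed(bool from_kernel, bool force_access_check,
                  bool caller_privileged, bool use_hardened) {
    IRP irp;
    IO_STACK_LOCATION sp;
    CALLER_CONTEXT caller = { caller_privileged };
    build_create_request(&irp, &sp, from_kernel, force_access_check);
    return use_hardened ? hardened_create_allowed(&irp, &sp, &caller)
                        : vulnerable_create_allowed(&irp, &sp, &caller);
}

int main(void) {
    /* Constructed scenario: an unprivileged user steers a kernel initiator
     * (which requested forced access checks) at the receiver's device. */
    printf("vulnerable receiver allows: %s\n",
           open_allowed(true, true, false, false) ? "yes" : "no");
    printf("hardened receiver allows:   %s\n",
           open_allowed(true, true, false, true) ? "yes" : "no");
    return 0;
}
```

The decisive case is the third argument combination above: the request is KernelMode but carries SL_FORCE_ACCESS_CHECK, and only the hardened receiver falls through to the token check. A real driver would pass the SeAccessCheck result and the remaining error handling back through the IRP; the model keeps only the decision.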
Impact
Privilege Escalation
Affected Products
Microsoft Windows 10
Remediation
Microsoft has said it will address this bug class in future Windows releases and plans to ship most of the fixes in Windows 10 19H1.
Any related security updates will be reported here as they are released.