CVE-2022-41120: Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Nov

Released

2022-11-08

Last Updated

2022-12-22

EPSS Score

0.93% (percentile: 76.1%)

FAQ

How could an attacker exploit this vulnerability? A locally authenticated attacker could manipulate information on Windows System Monitor (Sysmon) to achieve elevation from local user to SYSTEM admin. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.

Detection & Weaponization (1 sources)

Maturity: Detection

• Sigma rules: Suspicious Sysmon as Execution Parent

Affected Products (1)

Developer Tools

• Windows Sysmon

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://twitter.com/filip_dragovic">Filip Dragovic</a> with Infigo IS

Revision History

• 2022-11-08: Information published.
• 2022-12-22: Corrected the affected product name in the CVE title and in the FAQs. This is an informational change only.