Select Page

In case you missed it, there were three vulnerabilities related to GP Preferences in the latest October 2022 “Patch Tuesday”. Specifically they were:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37994

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37993

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37975

While there is precious little detail about how these are exploited, the bottom line for all of them is that they all involve tricking the GP subsystem into elevating a user request to localSystem (limited or otherwise). So, patch your systems ASAP! This one is not great, as gaining localSystem from a regular user gives attackers yet another avenue to harvest credentials from a system and move laterally.