Windows SMB Witness Service Elevation of Privilege Vulnerability
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Windows_10_1607 | Microsoft | - (including) | - (including) |
Windows_10_1809 | Microsoft | - (including) | - (including) |
Windows_10_20h2 | Microsoft | - (including) | - (including) |
Windows_10_21h2 | Microsoft | - (including) | - (including) |
Windows_10_22h2 | Microsoft | - (including) | - (including) |
Windows_11_21h2 | Microsoft | - (including) | - (including) |
Windows_11_22h2 | Microsoft | - (including) | - (including) |
Windows_7 | Microsoft | –sp1 (including) | –sp1 (including) |
Windows_8.1 | Microsoft | - (including) | - (including) |
Windows_rt_8.1 | Microsoft | - (including) | - (including) |
Windows_server_2012 | Microsoft | - (including) | - (including) |
Windows_server_2012 | Microsoft | r2 (including) | r2 (including) |
Windows_server_2016 | Microsoft | - (including) | - (including) |
Windows_server_2019 | Microsoft | - (including) | - (including) |
Windows_server_2022 | Microsoft | - (including) | - (including) |
Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user’s privileges and any permissions or other access-control specifications that apply to the resource. When access control checks are not applied consistently - or not at all - users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution.