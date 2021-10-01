A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions.

[...] The good news is that the exploit requires a threat actor to know another user's user name and password to trigger the vulnerability, so it will likely not be widely abused in attacks.

The bad news is that it affects all versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.

[...] As this bug requires a threat actor to know a user name and password for another user, it will not be as heavily abused as other privilege elevation vulnerabilities we have seen recently, such as PrintNightmare.