The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability bulletin 28108

Windows: privilege escalation via MsiAdvertiseProduct

Synthesis of the vulnerability

An attacker can bypass restrictions via MsiAdvertiseProduct of Windows, in order to escalate his privileges.
Impacted software: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT.
Severity of this computer vulnerability: 2/4.
Consequences of an attack: administrator access/rights, privileged access/rights, data reading, data creation/edition.
Attacker's origin: user shell.
Creation date: 27/12/2018.
Références of this announce: VIGILANCE-VUL-28108, VU#228297.

Description of the vulnerability

An attacker can bypass restrictions via MsiAdvertiseProduct of Windows, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides software vulnerability bulletins. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.