Windows Storage VSP Driver Vulnerability

HIGH (7.8)
cwe-284microsoftprivilege-escalationstorage-driverwindows

Threat Intelligence

Low Risk
EPSS Score: 0.07% chance of exploitation (percentile: 23%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The Windows Storage VSP Driver is a component of the Windows operating system, responsible for managing storage devices. This vulnerability allows an authorized attacker to elevate privileges locally, potentially leading to unauthorized access to sensitive data and system configuration.

Am I affected?

You're affected if you use Improper access control. Specific version info not stated in the advisory.

How to fix

  1. Enable Windows Update and install the latest security patches.
  2. Apply the Windows Security Update (KB5003165) to fix the vulnerability.
  3. Immediate mitigations:
  4. Restrict access to the Windows Storage VSP Driver using Group Policy Editor or Registry settings.
  5. Monitor for suspicious system activity.

References