Windows Projected File System Buffer Over-read Vulnerability

HIGH (7.8)

Threat Intelligence

Low Risk
EPSS Score: 0.06% chance of exploitation (percentile: 19%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Windows Projected File System is a feature that allows users to access files on a remote server. A buffer over-read in this component allows an authorized attacker to elevate privileges locally.

Am I affected?

You're affected if you use the Windows Projected File System. Specific version info is not stated in the advisory.
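
To see whether a given host has the Projected File System present at all, the following PowerShell inventory check can be run from an elevated session. It is an added example, not part of the advisory: the function name `Get-ProjFsExposure` is hypothetical, the driver name `PrjFlt` is an assumption, and because the advisory names no update identifier the script reports only the date of the most recent installed update rather than patch status.

```powershell
# Added example: report ProjFS presence and update recency on the local host.
function Get-ProjFsExposure {
    [CmdletBinding()]
    param()

    # Client-ProjFS is the optional feature that installs ProjFS.
    # Querying it requires elevation; record the error instead of failing.
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Client-ProjFS' -ErrorAction Stop
        $featureState = [string]$feature.State
    } catch {
        $featureState = "Unknown ($($_.Exception.Message))"
    }

    # Assumption: the ProjFS filter driver is registered under the name PrjFlt.
    $driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='PrjFlt'" -ErrorAction SilentlyContinue

    # Most recent installed update; some entries carry no InstalledOn date.
    $lastFix = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OsVersion       = [System.Environment]::OSVersion.Version.ToString()
        ProjFsFeature   = $featureState
        DriverState     = if ($driver) { $driver.State } else { 'NotInstalled' }
        DriverStartMode = if ($driver) { $driver.StartMode } else { $null }
        LastUpdateId    = if ($lastFix) { $lastFix.HotFixID } else { $null }
        LastUpdateDate  = if ($lastFix) { $lastFix.InstalledOn } else { $null }
        DaysSinceUpdate = if ($lastFix) { [int]((Get-Date) - $lastFix.InstalledOn).TotalDays } else { $null }
    }
}

Get-ProjFsExposure | Format-List
```

A host where the feature is enabled or the driver is running, and where `DaysSinceUpdate` is large, is the one to prioritize for the Windows Update step under "How to fix".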

How to fix

To fix this vulnerability, Microsoft recommends applying the latest security updates. You can do this by:

  1. Checking for updates in the Windows Update settings.
  2. Running the sfc /scannow and chkdsk C: commands listed under Immediate mitigations.
  3. Enabling the Windows Defender Advanced Threat Protection (ATP) feature.

Immediate mitigations:
- Run the sfc /scannow command to scan for any errors.
- Run the chkdsk C: command to scan for any errors on the system drive.
