Home Tools Exploits & CVE's Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation

Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation

July 19, 2022

522

Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LsapGetClientInfo API in LSASRV will fallback and directly capture a caller’s impersonation token if it fails to impersonate, leading to elevation of privilege if the impersonation level is not checked.

advisories | CVE-2022-30166

Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation

Follow us on Instagram @thecyberpost

EDITOR PICKS

FBI, Europol Say Akira Ransomware Has Drained $42M from 250 Firms

Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns

Telecom giant Frontier shuts down some systems after cyberattack

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Backdoor.Win32.Ketch.h Buffer Overflow

WordPress Duplicator 1.4.7 Information Disclosure

Huawei MBAMainService Unquoted Service Path