On Windows, the MSI installer program runs as an unprivileged user and does not run with the same elevated privileges as the Windows operating system. Additionally, the MSI installer does not validate the user’s privileges before executing system-level functions. In this case, an unprivileged user could potentially launch the installation program with administrator privileges. An attacker could attempt to exploit this vulnerability by tricking an unprivileged user into running the installation program with elevated privileges. This vulnerability can also be exploited by a local user to elevate their privileges during install or repair. On Windows, unprivileged users cannot run programs with administrator privileges. An attacker could exploit this vulnerability by tricking a user with elevated privileges into running the installation program.

Vulnerable packages:

Package name: Microsoft.msi
Package ID: 10.0.17134
Vendor: Microsoft Corporation

Vulnerability Scenario

An attacker could exploit this vulnerability by tricking a user with elevated privileges into running the installation program.
An attacker could create a malicious installation file that tricks a user with elevated privileges into running the installer with administrator privileges.

Vulnerability summary

In the case of MSI installer programs, there is a vulnerability that allows an unprivileged user to run the program with elevated privileges. This could allow an attacker to exploit the installation program by tricking an unprivileged user into running it with administrator privileges. This vulnerability can be exploited via two methods: by a local user to elevate their privileges during install or repair and by an attacker who tricks a user with elevated privileges into running the installation program.

Vulnerability Evaluation - Black Box Test (BST)

MSI installer programs execute as an unprivileged user on Windows. This means that they're executed with a lower level of privilege than the Windows operating system itself. Additionally, the MSI installer does not validate the user's privileges before executing system-level functions. In this case, an unprivileged user could potentially launch the installation program with administrator privileges. An attacker could exploit this vulnerability by tricking an unprivileged user into running the installation program with elevated privileges.
If you were tasked with assessing this vulnerability, perform a black box test (BST) on it by following these steps:
1) Download and install Microsoft Security Essentials to your computer and allow it to update automatically
2) Run Microsoft Security Essentials and scan your system for vulnerabilities
3) Close Microsoft Security Essentials and then download and open a new instance of it from the web browser or in task manager
4) Scan your computer for vulnerabilities without being prompted by Microsoft Security Essentials

Timeline

Published on: 10/20/2022 11:15:00 UTC
Last modified on: 10/21/2022 18:29:00 UTC

References