Headline

CVE-2023-25011: NV23-001_en: セキュリティ情報 | NEC

PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges.

1 year ago

CVE

Open in Source

#vulnerability #microsoft #auth #sap

A missing authentication vulnerability in PC settings tool

Number:NV23-001
CVE:CVE-2023-25011

Overview

The following vulnerability exist in the “PC Settings Tool” installed in NEC’s business PCs (Mate/VersaPro).

It is possible to write to the registry as administrator privileges with standard user privileges. - CVE-2023-25011

Products Affected

PC Settings Tool

Affected Version

If the beginning is “10” (10.x.x.x): 10.1.26.0 and earlier.
If the beginning is “11” (11.x.x.x): 11.0.22.0 and earlier.

Solution

Please apply the patch.
(1)Update at Microsoft Store.
(2)Launch the PC Settings Tool
(3)Follow the displayed message to update the libarary.
(After updating, you need to restart your PC)

The update is completed if it is updated to the following version or later.
If the beginning is “10” (10.x.x.x): 10.1.27.0 and later
If the beginning is “11” (11.x.x.x): 11.0.23.0 and later

References

Credit

reported by Mr. Haruki Yadani in LAC through IPA.

Update