Microsoft Security Response Center

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An authenticated attacker could exploit this vulnerability with LAN access.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** If successfully exploited, this vulnerability could case attacker-controlled data on the heap to overwrite critical structures of the service, leading to arbitrary memory write or control flow hijacking, resulting in privilege escalation

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the attacker machine could run malicious code remotely in the victim machine's performance counter data collector process.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated DHCP Server privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.

**According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability?** An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command.

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An unauthenticated attacker with LAN access could exploit this vulnerability.