#Security Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**In what scenarios is my computer vulnerable?** For Windows 11 and Windows 10 the FAX service is not installed by default. To exploit this vulnerability, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. **How can I verify whether the Fax service is running?** 1. Hold the **Windows key** and press **R** on your keyboard. This will open the Run dialog. 2. Type _services.msc_ and press **Enter** to open the Services window. 3. Scroll through the list and locate the **Fax** service. * If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable. * If the Fax service is listed but the status is not _Running_, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.

**In what scenarios is my computer vulnerable?** For Windows 11 and Windows 10 the FAX service is not installed by default. To exploit this vulnerability, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. **How can I verify whether the Fax service is running?** 1. Hold the **Windows key** and press **R** on your keyboard. This will open the Run dialog. 2. Type _services.msc_ and press **Enter** to open the Services window. 3. Scroll through the list and locate the **Fax** service. * If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable. * If the Fax service is listed but the status is not _Running_, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

**What privileges does an attacker require to exploit this vulnerability?** Exploiting this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.

**What is Windows Endpoint Configuration Manager?** Microsoft Endpoint Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or are internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more. For more information see - What is Configuration Manager?. **How do I get the latest patch?** The hot patch is available from Microsoft online at https://aka.ms/KB12819689. Instructions for applying the hot patch are included.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

**What privileges does an attacker require to exploit this vulnerability?** Exploiting this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.