Title

Microsoft On-Screen Keyboard Privilege Escalation Vulnerability (Cat I impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in the On-Screen Keyboard (OSK). On-Screen Keyboard (OSK) is an Ease of Access tool in Microsoft Windows that allows users to move around their PC and enter text without having to use a physical, external keyboard. To exploit this vulnerability, an attacker would have to first use a vulnerability in a low integrity process to execute the On-Screen Keyboard and then have a method of uploading a specially crafted program to the target system. If successfully exploited, the attacker would cause an arbitrary program to execute at the same integrity level as the current user.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-52945

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.