CVE-2022-41975 : What You Need to Know
Discover how CVE-2022-41975 impacts RealVNC VNC Server and VNC Viewer on Windows, allowing local privilege escalation via MSI installer Repair mode. Learn about the vulnerability and mitigation steps.
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.
Understanding CVE-2022-41975
This CVE impacts RealVNC VNC Server versions prior to 6.11.0 and VNC Viewer versions before 6.22.826 on Windows, potentially leading to local privilege escalation.
What is CVE-2022-41975?
CVE-2022-41975 is a vulnerability in RealVNC VNC Server and VNC Viewer that allows an attacker to achieve local privilege escalation through the MSI installer Repair mode on Windows systems.
The Impact of CVE-2022-41975
This vulnerability could be exploited by a local attacker to gain elevated privileges on the system, potentially leading to unauthorized access and control over sensitive data or system resources.
Technical Details of CVE-2022-41975
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability in RealVNC VNC Server and VNC Viewer before specified versions allows for privilege escalation through the MSI installer Repair mode on Windows.
Affected Systems and Versions
The affected systems include Windows installations running RealVNC VNC Server versions prior to 6.11.0 and VNC Viewer versions before 6.22.826.
Exploitation Mechanism
Attackers can exploit this vulnerability locally by manipulating the MSI installer Repair mode to escalate their privileges on the Windows system.
Mitigation and Prevention
To address CVE-2022-41975, follow these mitigation strategies.
Immediate Steps to Take
Users should update RealVNC VNC Server to version 6.11.0 or later and VNC Viewer to version 6.22.826 or higher to mitigate the risk of local privilege escalation.
Long-Term Security Practices
Regularly update software and maintain a proactive security posture to safeguard systems against known vulnerabilities and emerging threats.
Patching and Updates
Stay informed about security updates and patches provided by RealVNC, and apply them promptly to ensure the security of VNC Server and VNC Viewer installations.