FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
MSRC compact vulnerability detail
CVE-2022-41077 · Windows Fax Compose Form Elevation of Privilege Vulnerability
No description was published by MSRC.
Signals
Windows Fax Compose Form
Elevation of Privilege
Exploited: No
Publicly disclosed: No
Exploitability: Exploitation Less Likely
CWE
No CWE data published.
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Description
No description was published by MSRC.
FAQ / Articles
FAQ
In what scenarios is my computer vulnerable? For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. How can I verify whether the Fax service is running? Hold the Windows key and press R on your keyboard. This will open the Run dialog. Type services.msc and press Enter to open the Services window. Scroll through the list and locate the Fax service. If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable. If the Fax service is listed but the status is not Running, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.