Micropatches for Remote Code Execution in Windows Enterprise App Management Service (CVE-2022-35841)


 

The September 2022 Windows Updates brought a fix for a remotely exploitable vulnerability in the Enterprise App Management Service, discovered by security researcher Ceri Coburn of Pen Test Partners. On October 13, they published a blog post describing the vulnerability in detail, along with a proof-of-concept.

The Enterprise App Management Service allows Windows admins to centrally perform various installation and application provisioning-related actions on multiple Windows computers in the network. Due to lax permissions, a non-admin attacker could perform the same actions, potentially leading to a malicious application being installed and launched on the target computer.

Microsoft's patch added code that checks whether the requestor has administrative privileges on the computer, and our micropatches are logically equivalent.

Microsoft assigned this vulnerability CVE-2022-35841.

Our micropatches were written for the following versions of Windows with all available Windows Updates installed:

  1. Windows 10 v2004
  2. Windows 10 v1909
  3. Windows 10 v1809
  4. Windows 10 v1803
 
Micropatches have already been distributed to all affected online computers running 0patch Agent with PRO or Enterprise license. To obtain the relevant micropatch and have it applied on your computers along with our other micropatches, create an account in 0patch Central, install 0patch Agent and register it to your account with a PRO or Enterprise subscription. Note that no computer restart is needed for installing the agent or applying/un-applying any 0patch micropatch.

To learn more about 0patch, please visit our Help Center. For a trial or demo please contact [email protected].

We'd like to thank Ceri Coburn and Pen Test Partners for publishing their analysis and providing a proof-of-concept that allowed us to reproduce the vulnerability and create a micropatch. We also encourage security researchers to privately share their analyses with us for micropatching.



 
