Microsoft · Windows Cross Device Service · CVE-2025-24076
**Name of the Vulnerable Software and Affected Versions**
Microsoft Windows 11 version 22H2
Microsoft Windows versions prior to 10.0.22621.0
**Description**
An improper access control issue exists in the Windows Cross Device Service that allows an authorized attacker to gain elevated privileges locally. An attacker who exploits it can potentially affect the system and rapidly escalate to administrator privileges; some reports indicate this can occur within 300 milliseconds. A proof-of-concept (PoC) exploit is available.
**Recommendations**
Microsoft Windows 11 version 22H2: Update to version 10.0.22621.0 or later.
Microsoft Windows versions prior to 10.0.22621.0: Update to the latest available version.