CVE-2022-24139

Name of the Vulnerable Software and Affected Versions IOBit Advanced System Care version 15

Description The issue allows an attacker with SEImpersonatePrivilege to create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes. During login, the service will try to connect to the attacker, leading to either escalation of privileges from ADMIN to SYSTEM or from Local ADMIN to Domain ADMIN, depending on the user and named pipe used. This is achieved through token manipulation and the use of the ImpersonateNamedPipeClient() function.

Recommendations For IOBit Advanced System Care version 15, consider disabling the named pipe functionality until a patch is available to prevent potential privilege escalation. Restrict access to the named pipes used by ASCService to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.