|CVSS SCORE||4.9, (AV:L/AC:L/Au:N/C:C/I:N/A:N)|
The specific flaw exists within the cng.sys driver. The issue lies in a series of IOCTLs that return pointers to functions within the driver. An attacker can leverage this together with another vulnerability to achieve code execution under the context of SYSTEM.
Microsoft has issued an update to correct this vulnerability. More details can be found at: