CVE-2022-35257 in UI
Summary
by MITRE • 09/23/2022
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/23/2025
This vulnerability represents a critical local privilege escalation flaw in Microsoft's UI Desktop component for Windows systems. The issue affects versions 0.55.1.2 and earlier, where a malicious actor with local access to a Windows device can exploit this weakness to execute arbitrary commands with SYSTEM-level privileges. The vulnerability stems from inadequate privilege controls within the UI Desktop framework, creating an attack vector that bypasses normal Windows security boundaries. This flaw fundamentally undermines the principle of least privilege by allowing local users to escalate their privileges without proper authentication or authorization mechanisms. The technical nature of the vulnerability suggests a failure in access control implementation within the user interface subsystem, potentially involving improper privilege checking or insecure command execution pathways.
The operational impact of this vulnerability is severe as it transforms a local user account into a SYSTEM-level administrator with unrestricted access to all system resources, files, and processes. Attackers can leverage this privilege escalation to install persistent backdoors, exfiltrate sensitive data, modify system configurations, or disable security controls. The vulnerability's exploitation requires only local access, making it particularly dangerous in environments where physical access or low-privilege user accounts are common. This weakness can be particularly devastating in corporate networks where local access might be obtained through various means including social engineering, physical access, or compromised accounts with limited privileges.
Security professionals should implement immediate mitigations including applying the latest Windows updates that address this vulnerability, implementing strict access controls to limit local user privileges, and monitoring for suspicious command execution patterns. The vulnerability aligns with CWE-276 which addresses improper privileges, and maps to ATT&CK technique T1068 which covers local privilege escalation. Organizations should also consider implementing additional security controls such as user account control monitoring, process monitoring for suspicious SYSTEM-level activity, and network segmentation to limit the potential damage from such an exploit. Regular security assessments should focus on identifying and patching similar privilege escalation vulnerabilities across all system components. The vulnerability demonstrates the importance of maintaining up-to-date security patches and implementing defense-in-depth strategies to protect against local privilege escalation attacks that can compromise entire systems.