Microsoft UPnP Local Privilege Elevation

Posted on 19 December 2019

This Metasploit module exploits two vulnerabilities to execute a command as an elevated user. The first (CVE-2019-1405) uses the UPnP Device Host Service to elevate to NT AUTHORITYLOCAL SERVICE. The second (CVE-2019-1322) leverages the Update Orchestrator Service to elevate from NT AUTHORITYLOCAL SERVICE to NT AUTHORITYSYSTEM.