CVE-2022-44704: 
Sysmon vulnerability analysis and mitigation

Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability (CVE-2022-44704) was disclosed in December 2022. This vulnerability affects Microsoft Windows Sysmon versions up to (excluding) 14.13, allowing locally authenticated attackers to manipulate information on the Sysinternals services to achieve elevation from local user to SYSTEM admin (CrowdStrike Blog, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability could allow an attacker to elevate their privileges from a local user to SYSTEM administrator level, potentially gaining complete control over the affected system (CrowdStrike Blog).

The vulnerability has been addressed in Sysmon version 14.13 and later. Users are recommended to update to the latest version of Sysmon to mitigate this vulnerability (Microsoft Q&A).

Some users reported issues with Sysmon version 14.16, including system unresponsiveness and BSOD (Blue Screen of Death) on physical laptops and desktops, leading some organizations to roll back to version 14.13 (Microsoft Q&A).