CVE-2022-24696 - Glance by Mirametrix Privilege Escalation

This report documents a local privilege escalation vulnerability (CVE-2022-24696) in the Mirametrix/Lenovo Glance MaseService where improper service permissions allowed standard Users to change the service binary path; the author demonstrates a proof-of-concept escalation to SYSTEM using RogueWinRM, coordinated disclosure with Lenovo PSIRT, and notes that the issue is fixed in a Microsoft Store version while legacy installations require manual removal.