Privilege Escalation flaw Discovered in Windows and Linux
This is a very interesting security vulnerability. I basically just found it interesting because it’s a privilege escalation flaw in Linux and Windows. Basically, if you log into a system that runs one of the two operating systems, it can be used to escalate privilege to other accounts. I’ve never heard of this before, and I’m assuming that some other users out there on the web have either never heard of this or have missed this one.
In early September, the Linux kernel was updated to fix an issue that had been discovered in the past. The vulnerability was not immediately life-threatening, but it was still a serious problem because it could be used to enable privileges in the Linux kernel that are usually reserved for the system administrator. That is bad enough, but it gets worse…
Both Windows and Linux were discovered to have vulnerabilities that may send users packing from their own systems on what appears to be a busy Tuesday for security experts. A new privilege access hole in Windows was discovered by accident, while a file system vulnerability in Linux allows an attacker to get root access.
An attacker with the ability to execute code on the victim computer can read the Security Accounts Manager database, allowing them to run arbitrary code with system privileges, the highest conceivable in Windows, according to CVE-2021-36934. The attacker can also exploit system privileges to install programs, read, edit, or remove data, and create new users.
On the Linux side, there have been two different discoveries: a System Privilege Escalation hole in the Linux filesystem layer (CVE-2021-33909), and another vulnerability that might trigger a kernel panic (CVE-2021-33910).
In the news: Instagram’s Explore tab now has a sensitive content management tool.
On Monday, a researcher known as Jonas L on Twitter discovered what appeared to be a coding defect in the Windows 11 preview build. Jonas ultimately discovered that users with limited credentials may access the Security Account Manager’s data.
yarh- For whatever reason, the SAM file is now READ for users running Windows 11. If shadowvolumes are enabled, you can read the sam file as follows:
I don’t know the whole scope of the problem yet, but there are much too many for it not to be a concern. pic.twitter.com/kl8gQ1FjFt
July 19, 2023 — Jonas L (@jonasLyk)
He tweeted about the flaw, and soon after, users pointed out that the problem wasn’t limited to Windows 11. As a result, the US Computer Emergency Readiness Team issued an advisory claiming that the problem is due to a flaw in the Volume Shadow Copy Service, a Windows feature that allows programs to take real-time disk snapshots without locking the drives.
Q: what can you do when you have #mimikatz? & some Read access on Windows system files like SYSTEM, SAM and SECURITY?
A: Escalation of Local Privileges
Thank you, @jonasLyk, for this default Windows Read access pic.twitter.com/6Y8kGmdCsp
July 20, 2023 — Benjamin Delpy (@gentilkiwi)
A local user can exploit the flaw to extract cryptographically protected password data, gain keys for the Windows data protection API (which can be used to decrypt private encryption keys), and finally create an account with SYSTEM privileges, Windows’ highest level. Another researcher, Benjamin Delphy, demonstrated how the issue may be used to get sensitive data password hashes.
There is currently no patch available to remedy issue; however, the advisory does suggest some workarounds. Microsoft has stated that there may be certain exploits available.
In the Linux kernel, two new vulnerabilities have been uncovered. One is a Linux filesystem layer Local Privilege Escalation problem, and the other is a systemd Denial of Service flaw. CVE-2021-33909 and CVE-2021-33910 have been assigned to the two vulnerabilities.
Researchers at Qualys were the first to discover the privilege escalation problem, which lets an attacker to get root access to a system by simply creating and deleting a bunch of files. Sequoia is the codename for the exploit.
“The successful exploitation of this vulnerability allows any unprivileged user to gain root rights on the vulnerable host,” according to Qualys. On default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation, Qualys security researchers were able to independently verify the vulnerability, construct an attack, and obtain full root access. Other Linux distributions are almost certainly susceptible and exploitable.”
To access the /proc/self/mountinfo file, an attacker must first build, mount, and destroy a directory structure with a total path length of more than 1GB, and then open and read it.
The second flaw, CVE-20210-33910, is a stack exhaustion flaw in systems, a widely used software suite found in almost every Linux distribution.
The vulnerability was introduced in systemd v220 in April 2015 by commit 7410616c, according to the Qualys report. A strdup() in a heap was replaced with a strdupa() on the stack in this commit. By exploiting this vulnerability, any unprivileged user can induce a kernel panic, resulting in a denial of service.
In the news: HBO Max now allows groups to watch complete episodes on Snapchat.
When he’s not writing/editing/shooting/hosting all things tech, he streams himself racing virtual vehicles. Yadullah can be reached at [email protected], or you can follow him on Instagram or Twitter.
This article broadly covered the following related topics:
- which of the following is windows vulnerability
- cve 2023 36934
- cve 2023 33910
- cve 2023 33909
- privilege escalation flaw discovered in windows and linux operating system