Microsoft’s Windows 10 and upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation flaw that lets users with low-level permissions access Windows system files, enabling them to unmask the operating system installation password and even decrypt private keys.
“Starting with Windows 10 build 1809, non-administrative users have access to the SAM, SYSTEM, and SECURITY registry hive files,” the CERT Coordination Center (CERT/CC) said in a vulnerability note published Monday. “This can allow for an elevation of local privileges (LPE).”
The files in question are as follows –
- c:\Windows\System32\config\sam
- c:\Windows\System32\config\system
- c:\Windows\System32\config\security
Microsoft, which tracks the vulnerability under the identifier CVE-2021-36934, acknowledged the problem, but has not yet deployed a fix or provided a schedule for the fix to be released.
“An elevation of privilege vulnerability exists due to overly permissive access control lists (ACLs) on several system files, including the Security Account Manager (SAM),” noted the makers of Windows. “An attacker who successfully exploited this vulnerability could execute arbitrary code with SYSTEM privileges. An attacker could then install programs; view, modify or delete data; or create new accounts with full user rights.”
Successful exploitation of the vulnerability, however, requires that the attacker has already gained a foothold and is able to execute code on the victim system. In the meantime, CERT/CC recommends that users restrict access to the sam, system, and security files and delete VSS shadow copies of the system drive.
The latest disclosure also marks the third publicly disclosed unpatched bug in Windows since the release of the Patch Tuesday updates on July 13. Besides CVE-2021-36934, two other weaknesses affecting the Print Spooler component were also discovered, prompting Microsoft to urge all users to stop and disable the service to protect systems from exploitation.
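To check whether a host still has the overly permissive ACL described above, an administrator can inspect the output of `icacls` for the SAM hive. The Python below is an added example, not code from CERT/CC or Microsoft; the two sample outputs are constructed, and the function name and the set of principals treated as privileged are assumptions.

```python
import re

# Principals expected to hold access to the hive files (assumption for this example).
PRIVILEGED = {"builtin\\administrators", "nt authority\\system"}
# icacls inheritance markers; any other token in parentheses is an access right.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
# Rights that let the holder read the file's contents.
READ_RIGHTS = {"F", "M", "RX", "R", "GA", "GR", "RD"}
ACE_RE = re.compile(r"^(?P<principal>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

def readable_by_unprivileged(path, icacls_output):
    """Return principals outside PRIVILEGED whose allow ACEs grant read access."""
    flagged = []
    for line in icacls_output.splitlines():
        entry = line.strip()
        # The first output line is prefixed with the file path; drop it.
        if entry.lower().startswith(path.lower()):
            entry = entry[len(path):].strip()
        match = ACE_RE.match(entry)
        if not match:
            continue  # blank lines and the "Successfully processed" summary
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", match["groups"]):
            tokens.update(t.strip().upper() for t in group.split(","))
        if "DENY" in tokens:
            continue  # a deny ACE does not grant access
        principal = match["principal"].strip()
        if (tokens - INHERIT_FLAGS) & READ_RIGHTS and principal.lower() not in PRIVILEGED:
            flagged.append(principal)
    return flagged

SAM = r"C:\Windows\System32\config\sam"
# Constructed sample: ACL that lets the local Users group read the hive.
VULNERABLE = r"""C:\Windows\System32\config\sam BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files"""
# Constructed sample: ACL after access has been restricted.
RESTRICTED = r"""C:\Windows\System32\config\sam BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE), ("restricted", RESTRICTED)):
        print(label, readable_by_unprivileged(SAM, text))
```

An empty result only covers the live file; existing VSS shadow copies keep their own copies of the hive files, which is why CERT/CC also recommends deleting them.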
Linux distributions suffer from “Sequoia” privilege escalation flaw
It’s not just Windows. Fixes have been released for a security flaw affecting all Linux kernel versions since 2014 that can be exploited by malicious users and malware already deployed on a system to gain root-level privileges.
Called “Sequoia” by researchers at the cybersecurity company Qualys, the problem was assigned the identifier CVE-2021-33909 and affects default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Red Hat Enterprise Linux versions 6, 7 and 8 are also affected by the vulnerability.
More specifically, the flaw concerns a size_t-to-int type conversion vulnerability in the interface of the “seq_file” filesystem of the Linux kernel, allowing an unprivileged local attacker to create, mount and delete a deep directory structure whose total path length exceeds 1 GB, resulting in elevation of privilege on the vulnerable host.
Separately, Qualys also disclosed a stack exhaustion denial-of-service vulnerability in systemd (CVE-2021-33910) which could be exploited by unprivileged attackers to crash the software suite and trigger a kernel panic.