Microsoft’s Windows 10 and upcoming Windows 11 releases have been found vulnerable to a new local privilege escalation flaw that allows low-privileged users to access Windows system files, which in turn lets them expose the operating system installation password and even decrypt private keys.
“Starting with Windows 10 Build 1809, users without administrator rights have access to SAM, SYSTEM and SECURITY registry hive files,” the CERT Coordination Center (CERT/CC) said in a vulnerability notice published Monday. “This can enable local privilege escalation (LPE).”
The files in question are as follows:
- c:\Windows\System32\config\sam
- c:\Windows\System32\config\system
- c:\Windows\System32\config\security
Microsoft, which is tracking the vulnerability under the identifier CVE-2021-36934, has confirmed the problem but has yet to release a patch or provide a schedule for when the fix will be deployed.
“An elevation of privilege vulnerability exists because of excessively permissive access control lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” the Windows maker noted. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Successful exploitation of the vulnerability, however, requires that the attacker has already gained a foothold and is able to execute code on the victim’s system. In the meantime, CERT/CC recommends that users restrict access to the SAM, SYSTEM, and SECURITY files and delete VSS shadow copies of the system drive.
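A defender-side check for the condition CERT/CC describes, given here as an added example that is not from Microsoft, CERT/CC or the original article. It reports whether the built-in Users group can read each of the three hive files and lists any existing shadow copies; the function name `Test-HiveReadableByUsers` is hypothetical, and S-1-5-32-545 is the well-known SID of BUILTIN\Users.

```powershell
# Added example (not vendor code): audit the hive files named in the advisory.
$usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users, locale independent
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData
$configDir = Join-Path $env:windir 'System32\config'

function Test-HiveReadableByUsers {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # The caller could not read the ACL at all; report that instead of guessing.
        return [pscustomobject]@{ Path = $Path; UsersCanRead = $null; Note = $_.Exception.Message }
    }
    $hits = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }          # account name could not be resolved; skip it
        if ($sid -eq $usersSid -and ($ace.FileSystemRights -band $readData)) { $ace }
    }
    [pscustomobject]@{ Path = $Path; UsersCanRead = [bool]$hits; Note = '' }
}

$results = 'SAM', 'SYSTEM', 'SECURITY' | ForEach-Object {
    Test-HiveReadableByUsers -Path (Join-Path $configDir $_)
}
$results | Format-Table -AutoSize

# Shadow copies preserve the ACLs the files had when the snapshot was taken,
# so tightening the live files does not fix older snapshots. List them so they
# can be reviewed; this query needs an elevated prompt.
try {
    Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop |
        Select-Object InstallDate, VolumeName, DeviceObject |
        Format-Table -AutoSize
} catch {
    Write-Warning "Could not enumerate shadow copies: $($_.Exception.Message)"
}
```

A `UsersCanRead` value of `True` on any of the three files means the host matches the condition in the CERT/CC notice; a blank value means the ACL could not be read from the current session.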
The latest disclosure also marks the third publicly reported unpatched bug in Windows since the release of the Patch Tuesday updates on July 13th. In addition to CVE-2021-36934, two more weaknesses affecting the Print Spooler component were also discovered, prompting Microsoft to ask all users to stop and disable the service in order to protect systems from exploitation.
Linux distributions suffer from “Sequoia” privilege escalation flaw
It’s not just Windows. Fixes have been released for a security vulnerability that affects all Linux kernel versions from 2014 and that can be exploited by malicious users and malware already deployed on a system to gain root privileges.
Called “Sequoia” by researchers at the cybersecurity firm Qualys, the problem was assigned the identifier CVE-2021-33909 and affects the default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11 and Fedora 34 Workstation. Red Hat Enterprise Linux versions 6, 7 and 8 are also affected by the vulnerability.
Specifically, the bug concerns a size_t-to-int type conversion vulnerability in the Linux kernel’s “seq_file” file system interface, which enables an unprivileged local attacker to create, mount and delete a deep directory structure whose total path length exceeds 1 GB, resulting in privilege escalation on the vulnerable host.
Separately, Qualys has also disclosed a stack exhaustion denial-of-service vulnerability in systemd (CVE-2021-33910) that could be exploited by unprivileged attackers to crash the software suite and trigger a kernel panic.