Windows vulnerability with new public exploits lets you become an administrator
A security researcher has publicly disclosed an exploit for a Windows local elevation of privilege vulnerability that allows anyone to gain administrator privileges in Windows 10.
Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or execute privileged commands.
The vulnerability affects all supported versions of Windows 10 prior to the January 2022 Patch Tuesday updates.
Researcher publishes bypass of patched vulnerability
As part of the January 2022 Patch Tuesday, Microsoft fixed a “Win32k Elevation of Privilege Vulnerability” identified as CVE-2022-21882, which is a bypass for the previously patched and actively exploited bug CVE-2021-1732.
Microsoft attributes the discovery of this vulnerability to RyeLv, who shared a technical analysis of the vulnerability after Microsoft released the patch.
Regarding CVE-2022-21882 which has just been fixed:
win32k privilege escalation vulnerability,
Bypassing easy-to-exploit patch CVE-2021-1732 that was used by apt attacks
— b2ahex (@b2ahex) January 12, 2022
This week, several exploits were made public for CVE-2022-21882 that allow anyone to gain SYSTEM privileges on vulnerable Windows 10 devices.
After the exploit was published, Will Dormann, vulnerability analyst for CERT/CC and resident exploit tester on Twitter, confirmed that the exploits work and provide elevated privileges.
BleepingComputer also tested the vulnerability and had no issues compiling the exploit and using it to open Notepad with SYSTEM privileges on Windows 10. BleepingComputer was unable to get the exploit to work on Windows 11.
Although we only opened Notepad using this exploit, hackers can also use it to add new users with administrator privileges or execute other privileged commands.
Although we don’t normally report on a patched vulnerability, many admins chose to skip the January 2022 updates due to the large number of critical bugs that installing them introduced, including reboots, glitches, L2TP VPN problems, inaccessible ReFS volumes, and Hyper-V issues.
This means their devices remain unprotected and vulnerable to an exploit that has historically been used in cyberattacks by APT hacking groups.
With the release of these exploits, and as Microsoft has released out-of-band (OOB) updates that resolve the issues introduced in the January 2022 updates, administrators are now strongly advised to install the updates rather than waiting until Tuesday, February 8.
Bug found two years ago
Dabah isn’t the only one frustrated by Microsoft’s dwindling bug bounty.
In November, security researcher Abdelhamid Naceri published a zero-day privilege escalation exploit due to Microsoft’s lower payouts in its bug bounty program.
“Microsoft bounties have been phased out since April 2020, I really wouldn’t be doing this if MSFT hadn’t made the decision to downgrade those bounties,” Naceri told BleepingComputer at the time.
RyeLv noted in the technical writeup for the CVE-2022-21882 vulnerability that the best way to eliminate this class of bug is to improve Microsoft’s Windows kernel bug bounties.
“Improve the kernel 0day bounty, let more security researchers participate in the bounty program, and help the system be more perfect,” RyeLv advised.