Privilege escalation flaw discovered in Windows and Linux

The capabilities of a computer are determined by the type of operating system it runs: Windows, Linux, OS X, Android, etc. As with all computing systems, there are exploitable vulnerabilities that allow a malicious hacker to take control of the system, and there are also protections against that sort of exploit. The countermeasures built into operating systems to protect users are often neglected.

An anonymous reader found a serious flaw in how current versions of Windows and Linux handle privileges. He discovered that it is possible to increase a user’s privileges from a lower level to a higher level, by exploiting a race condition in how the privilege check is performed.

Privilege escalation occurs when a vulnerability is serious enough that users can use it to escalate their privileges and gain administrator access by abusing a feature that was designed to be more secure.

Both Windows and Linux were discovered to have vulnerabilities that may send users packing from their own systems on what appears to be a busy Tuesday for security experts. A new privilege access hole in Windows was discovered by accident, while a file system vulnerability in Linux allows an attacker to get root access. 

As described in CVE-2021-36934, an attacker with the ability to execute code on the victim computer can read the Security Accounts Manager database, allowing them to run arbitrary code with SYSTEM privileges, the highest level in Windows. The attacker can then use those privileges to install programs, read, edit, or remove data, and create new users.

On the Linux side, there have been two different discoveries: a System Privilege Escalation hole in the Linux filesystem layer (CVE-2021-33909), and another vulnerability that might trigger a kernel panic (CVE-2021-33910).

On Monday, a researcher known as Jonas L on Twitter discovered what appeared to be a coding defect in the Windows 11 preview build. Jonas ultimately discovered that users with limited credentials may access the Security Account Manager’s data. 

yarh- For whatever reason, the SAM file is now READ for users running Windows 11. If shadowvolumes are enabled, you can read the sam file as follows:

I don’t know the whole scope of the problem yet, but there are much too many for it not to be a concern.

July 19, 2021 — Jonas L (@jonasLyk)

He tweeted about the flaw, and soon after, users pointed out that the problem wasn’t limited to Windows 11. As a result, the US Computer Emergency Readiness Team issued an advisory claiming that the problem is due to a flaw in the Volume Shadow Copy Service, a Windows feature that allows programs to take real-time disk snapshots without locking the drives. 

Q: what can you do when you have #mimikatz🥝 & some Read access on Windows system files like SYSTEM, SAM and SECURITY?

A: Escalation of Local Privileges

Thank you, @jonasLyk, for this default Windows Read access

July 20, 2021 — Benjamin Delpy (@gentilkiwi)

A local user can exploit the flaw to extract cryptographically protected password data, gain keys for the Windows data protection API (which can be used to decrypt private encryption keys), and finally create an account with SYSTEM privileges, Windows’ highest level. Another researcher, Benjamin Delpy, demonstrated how the issue may be used to obtain sensitive data such as password hashes.

There is currently no patch available to remedy the issue; however, the advisory does suggest some workarounds. Microsoft has stated that there may be certain exploits available.

In the Linux kernel, two new vulnerabilities have been uncovered. One is a Linux filesystem layer Local Privilege Escalation problem, and the other is a systemd Denial of Service flaw. CVE-2021-33909 and CVE-2021-33910 have been assigned to the two vulnerabilities. 

Researchers at Qualys were the first to discover the privilege escalation problem, which lets an attacker get root access to a system by simply creating and deleting a bunch of files. Sequoia is the codename for the exploit.

“The successful exploitation of this vulnerability allows any unprivileged user to gain root rights on the vulnerable host,” according to Qualys. On default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation, Qualys security researchers were able to independently verify the vulnerability, construct an attack, and obtain full root access. Other Linux distributions are almost certainly susceptible and exploitable.

To exploit the flaw, an attacker must first build, mount, and destroy a directory structure with a total path length of more than 1GB, and then open and read the /proc/self/mountinfo file.

The second flaw, CVE-2021-33910, is a stack exhaustion flaw in systemd, a widely used software suite found in almost every Linux distribution.

The vulnerability was introduced in systemd v220 in April 2015 by commit 7410616c, according to the Qualys report. In this commit, a strdup(), which allocates on the heap, was replaced with a strdupa(), which allocates on the stack. By exploiting this vulnerability, any unprivileged user can induce a kernel panic, resulting in a denial of service.
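The stack-versus-heap difference described above, as an added example that is not systemd's code and not taken from the Qualys report: the same path-splitting routine written once with a stack copy sized by the input and once with a bounded heap copy. The function names, `PATH_COPY_MAX` and the sample path are assumptions made for the illustration.

```c
#include <alloca.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_COPY_MAX 4096  /* assumed cap for this example, not systemd's */

/* Split buf in place on '/' and count the non-empty components. */
static int count_components(char *buf) {
    int n = 0;
    for (char *p = buf; *p; ) {
        while (*p == '/') *p++ = '\0';
        if (!*p) break;
        n++;
        while (*p && *p != '/') p++;
    }
    return n;
}

/* "Before" pattern: strdupa(s) is alloca(strlen(s) + 1) plus memcpy(), so the
 * stack frame grows with the input and there is no failure return to check. */
int depth_stack_copy(const char *path) {
    size_t len = strlen(path) + 1;
    char *copy = alloca(len);        /* size chosen by whoever supplies path */
    memcpy(copy, path, len);
    return count_components(copy);
}

/* Hardened form: bound the length, copy to the heap, report errors. */
int depth_heap_copy(const char *path) {
    size_t len = 0;
    while (len < PATH_COPY_MAX && path[len]) len++;
    if (len == PATH_COPY_MAX) return -ENAMETOOLONG;
    char *copy = malloc(len + 1);    /* the heap allocation strdup() performs */
    if (!copy) return -ENOMEM;
    memcpy(copy, path, len + 1);
    int n = count_components(copy);
    free(copy);
    return n;
}

int main(void) {
    const char *sample = "/mnt//data/backup/";   /* constructed input */
    printf("stack copy: %d components\n", depth_stack_copy(sample));
    printf("heap copy:  %d components\n", depth_heap_copy(sample));
    return 0;
}
```

When reviewing code for this class of bug, look for `alloca()`, `strdupa()` or variable-length arrays whose size derives from a path, name or other externally supplied string.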


When he’s not writing/editing/shooting/hosting all things tech, he streams himself racing virtual vehicles. Yadullah can be reached at [email protected], or you can follow him on Instagram or Twitter.
