How can we help?
A new proof-of-concept (PoC) has been published for a Windows local privilege escalation vulnerability.
At first the vulnerability CVE-2021-41379 was considered to be low impact. The advisory that accompanied Microsoft’s November Patch Tuesday update stated that it can’t be used to gain any extra privileges.
However, after analysing Microsoft’s fix, the security researcher who discovered it was able to bypass the mitigation and was able to use it to gain administrative permissions on the local device.
A local user can gain local administrator permissions on a fully patched Windows device.
All current windows devices are affected.
All currently supported versions of Windows.
Containment, Mitigations & Remediations
No known mitigations at this time but the attack requires local privileges.
Indicators of Compromise
A public PoC makes it much easier for attackers to use this exploit in their campaigns but, because it still requires a local account, it won’t be the source of any new network intrusions. This attack has already been seen to be incorporated into criminal’s attack chains.
T1068 – Exploitation for Privilege Escalation