Get in Touch
Please get in touch using the form below.
Windows Privilege Escalation
Overview
A new proof-of-concept (PoC) has been published for a Windows local privilege escalation vulnerability.
At first the vulnerability CVE-2021-41379 was considered to be low impact. The advisory that accompanied Microsoft’s November Patch Tuesday update stated that it can’t be used to gain any extra privileges.
However, after analysing Microsoft’s fix, the security researcher who discovered it was able to bypass the mitigation and was able to use it to gain administrative permissions on the local device.
Impact
A local user can gain local administrator permissions on a fully patched Windows device.
Vulnerability Detection
All current windows devices are affected.
Affected Products
All currently supported versions of Windows.
Containment, Mitigations & Remediations
No known mitigations at this time but the attack requires local privileges.
Indicators of Compromise
PoC
MD5:
f317b6bafb5c6f4c3c9ffb967fd941b5
SHA-1:
509c2115bfbb20e65a08286935cfac1305894ede
SHA-256:
9e4763ddb6ac4377217c382cf6e61221efca0b0254074a3746ee03d3d421dabd
Threat Landscape
A public PoC makes it much easier for attackers to use this exploit in their campaigns but, because it still requires a local account, it won’t be the source of any new network intrusions. This attack has already been seen to be incorporated into criminal’s attack chains.
Mitre Methodologies
T1068 – Exploitation for Privilege Escalation