Security News > 2021 > January > Windows PsExec zero-day vulnerability gets a free micropatch
A free micropatch fixing a local privilege escalation vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.
This PsExec zero-day is caused by a named pipe hijacking vulnerability which allows attackers to trick PsExec into re-opening a maliciously created named pipe and giving it Local System permissions.
Any Windows computer where "Admins remotely launch executables on using PsExec if the machine already has a non-admin attacker there trying to elevate their privileges" is vulnerable to attacks attempting to exploit this zero-day as ACROS Security CEO and 0patch co-founder Mitja Kolsek explains.
He also found that it impacts multiple PsExec version, starting with v1.72 released back in 2006 and ending with PsExec v2.2, the latest version released almost four years, which means that the zero-day affects all PsExec versions launched during the last 14 years.
A video demo showing how the micropatch released by 0patch prevents exploitation of this zero-day on Windows systems running PsExec is embedded below.
Micropatch only applies to the latest PsExec release.
News URL
Related news
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- New Windows SmartScreen bypass exploited as zero-day since March (source)
- New Windows IPv6 Zero-Click Vulnerability (source)
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- Versa fixes Director zero-day vulnerability exploited in attacks (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)