Windows PsExec zero-day vulnerability gets a free micropatch (Security News, January 2021)
A free micropatch fixing a local privilege escalation vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.
This PsExec zero-day is caused by a named pipe hijacking vulnerability: an attacker who creates a malicious named pipe in advance can trick PsExec into re-opening that pipe and granting it Local System permissions.
As ACROS Security CEO and 0patch co-founder Mitja Kolsek explains, any Windows computer is vulnerable to attacks exploiting this zero-day if "admins remotely launch executables on it using PsExec" and "the machine already has a non-admin attacker there trying to elevate their privileges."
He also found that it impacts multiple PsExec versions, starting with v1.72, released back in 2006, and ending with PsExec v2.2, the latest version, released almost four years ago. The zero-day therefore affects all PsExec versions released during the last 14 years.
A video demo in the original article shows how the micropatch released by 0patch prevents exploitation of this zero-day on Windows systems running PsExec.
The micropatch only applies to the latest PsExec release (v2.2).
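One check a defender can run on a host before admins launch PsExec against it, as an added example that is not from the article or from 0patch: it lists named pipes that carry PsExec's pipe name while the PsExec service is not running, which is the situation the hijack above relies on. It assumes the pipe and the service share PsExec's default name PSEXESVC (known tool behaviour, not stated in the article) and that the host is Windows.

```powershell
# Added example, not from the article or from 0patch. Reports named pipes that look like
# PsExec's own pipe while no PsExec service is running on this machine. PsExec's default
# pipe/service name PSEXESVC is known tool behaviour and is not stated in the article.
function Test-PsExecPipeSquat {
    [CmdletBinding()]
    param(
        # PsExec's default pipe/service name; override if PsExec is run with a renamed service.
        [string]$PipePrefix = 'PSEXESVC'
    )

    # Enumerate every named pipe currently open on this host.
    $pipes = [System.IO.Directory]::GetFiles('\\.\pipe\') |
        ForEach-Object { Split-Path -Path $_ -Leaf }

    $suspect = $pipes | Where-Object { $_ -like "$PipePrefix*" }

    # A legitimate PsExec session has its service running; a matching pipe without the
    # service means something else created the pipe and it deserves investigation.
    $svc = Get-Service -Name $PipePrefix -ErrorAction SilentlyContinue
    $serviceRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    foreach ($name in $suspect) {
        [pscustomobject]@{
            ComputerName   = $env:COMPUTERNAME
            PipeName       = $name
            ServiceRunning = $serviceRunning
            Verdict        = if ($serviceRunning) { 'Expected: PsExec session active' }
                             else { 'SUSPICIOUS: PsExec-named pipe exists without PsExec service' }
        }
    }
}

# Run on the target host (or via Invoke-Command) before an admin launches PsExec against it.
Test-PsExecPipeSquat | Format-Table -AutoSize
```

An empty result means no PsExec-named pipe is present; any SUSPICIOUS row should be investigated before PsExec is used on that host.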