Windows PsExec zero-day vulnerability gets a free micropatch

A free micropatch fixing a local privilege escalation vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.
This PsExec zero-day is caused by a named pipe hijacking vulnerability which allows attackers to trick PsExec into re-opening a maliciously created named pipe and giving it Local System permissions.
Any Windows computer where "Admins remotely launch executables on using PsExec if the machine already has a non-admin attacker there trying to elevate their privileges" is vulnerable to attacks attempting to exploit this zero-day, as ACROS Security CEO and 0patch co-founder Mitja Kolsek explains.
He also found that it impacts multiple PsExec versions, starting with v1.72, released back in 2006, and ending with PsExec v2.2, the latest version, released almost four years ago, which means that the zero-day affects all PsExec versions launched during the last 14 years.
A video demo showing how the micropatch released by 0patch prevents exploitation of this zero-day on Windows systems running PsExec is embedded below.
The micropatch only applies to the latest PsExec release.