Security News > 2021 > July > Make-me-admin holes found in Windows, Linux kernel
Recent builds of Windows 10, and the preview of Windows 11, have a misconfigured access control list for the Security Account Manager, SYSTEM, and SECURITY registry hive files.
You may think you're safe because your Windows PC doesn't have a suitable VSS shadow copy, yet there are ways to end up quietly creating one and put your machine at risk.
According to the advisory: "Note that VSS shadow copies may not be available in some configurations, however simply having a system drive that is larger that 128GB in size and then performing a Windows Update or installing an MSI will ensure that a VSS shadow copy will be automatically created."
Q: what can you do when you have #mimikatz🥝 & some Read access on Windows system files like SYSTEM, SAM and SECURITY?
It's not just Windows: a security hole has been discovered in Linux kernels since version 3.16 that can be exploited by rogue users and malware already on a system to gain root-level privileges.
Qualys also found another security weakness in Linux systems, CVE-2021-33910, a denial-of-service kernel panic via systemd.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/21/windows_linux_privilege_escalation/
Related news
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Mixing Rust and C in Linux likened to cancer by kernel maintainer (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-20 | CVE-2021-33910 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | 5.5 |