Security News > 2021 > July > New Windows and Linux Flaws Give Attackers Highest System Privileges

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.

"An elevation of privilege vulnerability exists because of overly permissive Access Control Lists on multiple system files, including the Security Accounts Manager database," the Windows makers noted.

"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

In the interim, the CERT/CC is recommending that users restrict access to sam, system, and security files and delete VSS shadow copies of the system drive.

Remediations have been released for a security shortcoming affecting all Linux kernel versions from 2014 that can be exploited by malicious users and malware already deployed on a system to gain root-level privileges.

Specifically, the flaw concerns a size t-to-int type conversion vulnerability in the Linux Kernel's "Seq file" file system interface, permitting an unprivileged local attacker to create, mount, and delete a deep directory structure whose total path length exceeds 1GB, resulting in privilege escalation on the vulnerable host.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/8w-lkhOOs48/new-windows-and-linux-flaws-give.html