Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
2023-07-24 13:01

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks.

"For instance, misconfigured Custom Actions running as NT AUTHORITY\SYSTEM can be exploited by attackers to execute local privilege escalation attacks."

According to the Google-owned threat intelligence firm, Atera Agent is susceptible to a local privilege escalation attack through DLL hijacking, which could then be abused to obtain a Command Prompt running as the NT AUTHORITY\SYSTEM user.

CVE-2023-26078, on the other hand, concerns the "Execution of system commands that trigger the Windows Console Host as a child process," as a result opening up a "Command window, which, if executed with elevated privileges, can be exploited by an attacker to perform a local privilege escalation attack."
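The misconfiguration described above (a Custom Action that runs deferred and without impersonation, which is the Windows Installer flag combination that makes it execute as NT AUTHORITY\SYSTEM during an elevated install) can be audited offline before an installer is deployed. The following PowerShell script is an added example written for this page; it is not code from the article, from Mandiant, or from Atera. It assumes you supply the path to an MSI file, and it relies only on the documented Windows Installer COM automation object (WindowsInstaller.Installer) and the documented msidbCustomActionType flag values from the Windows Installer SDK.

```powershell
# Added example (not from the article or from Atera/Mandiant): list Custom Actions in an
# MSI that run in the deferred, no-impersonate context, i.e. as NT AUTHORITY\SYSTEM
# during an elevated install. Such actions deserve review (what they launch, from where,
# and whether the path is writable by standard users).
# Assumptions: $MsiPath is supplied by the caller; flag values are the documented
# msidbCustomActionType* constants from the Windows Installer SDK.
param([Parameter(Mandatory = $true)][string]$MsiPath)

$msidbCustomActionTypeInScript      = 0x400  # deferred execution (runs in the install script)
$msidbCustomActionTypeNoImpersonate = 0x800  # do not impersonate the installing user -> SYSTEM

$installer = New-Object -ComObject WindowsInstaller.Installer
# msiOpenDatabaseModeReadOnly = 0: never modify the package while auditing it
$db = $installer.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $installer, @($MsiPath, 0))

try {
    $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db,
        @('SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`'))
} catch {
    Write-Output "Package has no CustomAction table; nothing to review."
    return
}
$view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null)

$findings = @()
while ($true) {
    $rec = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
    if ($null -eq $rec) { break }
    # Record fields are 1-based; Type is stored as an integer column
    $name   = $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 1)
    $type   = [int]$rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 2)
    $source = $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 3)
    $target = $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 4)

    $deferred      = ($type -band $msidbCustomActionTypeInScript) -ne 0
    $noImpersonate = ($type -band $msidbCustomActionTypeNoImpersonate) -ne 0
    if ($deferred -and $noImpersonate) {
        $findings += [pscustomobject]@{
            Action = $name
            Type   = ('0x{0:X}' -f $type)
            Source = $source
            Target = $target
        }
    }
}
$view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null)

if ($findings.Count -eq 0) {
    Write-Output "No deferred + NoImpersonate (SYSTEM-context) custom actions found in $MsiPath"
} else {
    Write-Output "SYSTEM-context custom actions in $MsiPath (review Source/Target for user-writable paths):"
    $findings | Format-Table -AutoSize
}
```

Run it as `.\Audit-MsiCustomActions.ps1 -MsiPath C:\path\to\package.msi` (file name is the example's own choice). A hit is not by itself a vulnerability: deferred, non-impersonated actions are normal for installers that need to touch HKLM or Program Files. The review question the article's finding raises is whether the executable, DLL or script the action launches, or any directory it spawns a console from, is controllable by a standard user, because that is what turns a SYSTEM-context action into a local privilege escalation path.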

The disclosure comes as Kaspersky shed more light on a now-fixed, severe privilege escalation flaw in Windows that has come under active exploitation in the wild by threat actors using a specially crafted Outlook task, message or calendar event.

While Microsoft disclosed previously that Russian nation-state groups weaponized the bug since April 2022, evidence gathered by the antivirus vendor has revealed that real-world exploit attempts were carried out by an unknown attacker targeting government and critical infrastructure entities in Jordan, Poland, Romania, Turkey, and Ukraine a month prior to the public disclosure.


News URL

https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                   RISK
2023-07-24  CVE-2023-26078  Unspecified vulnerability in Atera 1.8.3.6/1.8.3.7    local; low complexity; atera; 7.8
            Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.