Security News > 2023 > July > Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks.
"For instance, misconfigured Custom Actions running as NT AUTHORITYSYSTEM can be exploited by attackers to execute local privilege escalation attacks."
According to the Google-owned threat intelligence firm, Atera Agent is susceptible to a local privilege escalation attack that can be exploited through DLL hijacking, which could then be abused to obtain a Command Prompt as the NT AUTHORITYSYSTEM user.
CVE-2023-26078, on the other hand, concerns the "Execution of system commands that trigger the Windows Console Host as a child process," as a result opening up a "Command window, which, if executed with elevated privileges, can be exploited by an attacker to perform a local privilege escalation attack."
The disclosure comes as Kaspersky shed more light on a now-fixed, severe privilege escalation flaw in Windows that has come under active exploitation in the wild by threat actors using a specially crafted Outlook task, message or calendar event.
While Microsoft disclosed previously that Russian nation-state groups weaponized the bug since April 2022, evidence gathered by the antivirus vendor has revealed that real-world exploit attempts were carried out by an unknown attacker targeting government and critical infrastructure entities in Jordan, Poland, Romania, Turkey, and Ukraine a month prior to the public disclosure.
News URL
https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html
Related news
- Cleo patches critical zero-day exploited in data theft attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-24 | CVE-2023-26078 | Unspecified vulnerability in Atera 1.8.3.6/1.8.3.7 Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. | 7.8 |