New Windows and Linux Flaws: Provide Attackers Highest System Privileges

Two new vulnerabilities, one in Windows and the other in Linux, were discovered on Tuesday, allowing hackers with a presence in a vulnerable machine to circumvent OS security limits and access critical resources. 

Microsoft’s Windows 10 and upcoming Windows 11 versions have been discovered to be vulnerable to a new local privilege escalation vulnerability that allows users with low-level permissions to access Windows system files, permitting them to decrypt private keys and uncover the operating system installation password. The vulnerability has been named “SeriousSAM”.

CERT Coordination Center (CERT/CC) stated in a vulnerability note published, “Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY registry hive files. This can allow for local privilege escalation (LPE).” 

The operating system configuration files in question are as follows – 

c:WindowsSystem32configsam 

c:WindowsSystem32configsystem 

c:WindowsSystem32configsecurity 

Microsoft acknowledged the vulnerability, which has been assigned the number CVE-2021-36934 but is yet to offer a patch or provide a timeframe for when a fix will be released. 

The Windows makers explained, “An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” 

However, successful exploitation of the issue implies that the attacker has already gained a foothold and has the capacity to execute code on the target machine. In the meanwhile, users should restrict entry to sam, system, and security files and erase VSS shadow copies of the system disc, according to the CERT/CC. 

Since the release of Patch Tuesday updates on July 13, this is also the third publicly documented unpatched issue in Windows. Apart from CVE-2021-36934, two other vulnerabilities in the Print Spooler component have been identified, leading Microsoft to advise all users to halt and terminate the service to protect their computers from exploitation. 

“Sequoia” privilege escalation flaw affected Linux distros:

Remediations have been issued for a security shortcoming affecting all Linux kernel versions from 2014 that can be exploited by malicious users and malware already deployed on a system to gain root-level privileges. 

The vulnerability, nicknamed “Sequoia” by Qualys researchers, has been issued the identifier CVE-2021-33909 and affects default Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation installations. The issue also affects Red Hat Enterprise Linux versions 6, 7, and 8. 

The vulnerability is a size t-to-int type conversion flaw in the Linux Kernel’s “seq file” file system interface, which allows an unprivileged local intruder to generate, install, and delete a deep directory structure with a total path length of more than 1GB, resulting in a privilege escalation on the vulnerable host. 

According to Qualys, unprivileged attackers could use a stack exhaustion denial-of-service vulnerability in the system (CVE-2021-33910) to corrupt the software suite and induce a kernel panic.