Two new vulnerabilities- one in Windows and the other in Linux – have been discovered recently, and these vulnerabilities allow hackers to bypass a vulnerable system and access sensitive resources.
One vulnerability allows the hacker access to low privileged OS resources where code can be executed or sensitive data can be read; a second vulnerability increases the execution of code or file access to OS resources reserved for password storage or other sensitive operations.
The researcher found that the contents of the security account manager- the database that stores user accounts and security descriptors for users on the local computer- could be read by users even if they had limited system privileges.
This made it possible to obtain cryptographically protected password data, find the password that installed Windows, obtain the computer keys for the Windows data protection API- which can be used to decrypt private encryption keys–and create an account on the affected machine.
The result is that the local user ends up with privileges up to the system, the highest level in Windows.
A Microsoft representative said that company officials would investigate the vulnerability and take appropriate action as needed, which is being tracked as CVE-2021-36934.
The exploit described comes with significant overhead, particularly around 1 million nested directories.
The attack also requires about 5GB of storage and 1 million inodes. Despite these complications, a Qualys representative described the PoC as “extremely reliable” and said it only takes about three minutes.
Linux users should check with the distributor if patches are available to fix the vulnerability. Windows users should wait for advisories from Microsoft and security experts.
For more information, read the original story in Arstechnica.