Windows Being Exploit

  THREAT HUNTER (GUARD YOUR DEVICE)

Vulnerability News #0005

January 30, 2022

---

Name News : Windoes Vulnerabilities

Affected System : Windows 10

Vulnerability Involved : CVE-2022-21882, CVE-2021-1732

News Detail

An exploit for a Windows local privilege elevation vulnerability has been publicly released, allowing anyone to get admin access on Windows 10. Threat actors with limited access to a compromised device can utilize this vulnerability to easily raise their rights, allowing them to spread laterally inside the network, create new administrator users, and run privileged commands. Microsoft corrected the CVE-2022-21882 'Win32k Elevation of Privilege Vulnerability,' which is a workaround for the previously patched and actively exploited CVE-2021-1732 problem.

Figure 1: Notepad launched with SYSTEM privileges by exploit

Multiple exploits for CVE-2022-21882 have been publicly posted, allowing anyone to access SYSTEM capabilities on vulnerable Windows 10 computers. A vulnerability analyst with CERT/CC and Twitter's resident exploit tester confirmed that the attack works and grants elevated access after it was released. Researchers also tested the vulnerability and had no problem compiling the exploit and using it to open Notepad with SYSTEM privileges on Windows 10. Then it could not get the exploit to work on Windows 11.

Suggestion

Update latest patch (CVE-2022-21882 - Security Update Guide - Microsoft - Win32k Elevation of Privilege Vulnerability)

Imprint

• Allow anyone to gain SYSTEM privileges on vulnerable Windows 10 devices.

• Allow threat actors to use it to add new users with Administrator privileges or execute other privileged commands.

References:

Windows vulnerability with new public exploits lets you become admin (bleepingcomputer.com)

Windows Vulnerability With New Public Exploits Lets You Become An Administrator - BleepingComputer - OLTNEWS

---

© SAS Threat Hunter 

Direct to sasmoza.enterprise Sdn. Bhd for Subscribing News