Two new vulnerabilities- one in Windows and the other in Linux – have been discovered recently, and these vulnerabilities allow hackers to bypass a vulnerable system and access sensitive resources.<\/p>\n\n\n\n
One vulnerability allows the hacker access to low privileged OS resources where code can be executed or sensitive data can be read; a second vulnerability increases the execution of code or file access to OS resources reserved for password storage or other sensitive operations.<\/p>\n\n\n\n
The researcher found that the contents of the security account manager- the database that stores user accounts and security descriptors for users on the local computer- could be read by users even if they had limited system privileges.<\/p>\n\n\n\n
This made it possible to obtain cryptographically protected password data, find the password that installed Windows, obtain the computer keys for the Windows data protection API- which can be used to decrypt private encryption keys–and create an account on the affected machine.<\/p>\n\n\n\n
The result is that the local user ends up with privileges up to the system, the highest level in Windows.<\/p>\n\n\n\n
A Microsoft representative said that company officials would investigate the vulnerability and take appropriate action as needed, which is being tracked as CVE-2021-36934.<\/p>\n\n\n\n
The exploit described comes with significant overhead, particularly around 1 million nested directories.<\/p>\n\n\n\n
The attack also requires about 5GB of storage and 1 million inodes. Despite these complications, a Qualys representative described the PoC as “extremely reliable” and said it only takes about three minutes.<\/p>\n\n\n\n
Linux users should check with the distributor if patches are available to fix the vulnerability. Windows users should wait for advisories from Microsoft and security experts.<\/p>\n\n\n