The specific vulnerability is the use of named pipes. Then, this vulnerability can allow local attackers to escalte their privileges.
ZDI writes here that an attacker must first gain the ability to execute low-privileged code on the target system to exploit this vulnerability. The SeImpersonatePrivilege is available by default to the device's local administrators group and local service accounts, which are already highly privileged, limiting the impact of this vulnerability. The vulnerability allows an attacker to abuse the AMSI scanning function in certain cases.Īccording to the Zero Day Initiative (ZDI) report, an attacker who succeeds in gaining SeImpersonatePrivilege on Windows can abuse the AMSI scanning function to gain NT AUTHORITY\SYSTEM privileges in some cases. CVE-2021-37852: Local privilege escalation vulnerabilityĮSET was notified of a potential local privilege escalation vulnerability by the Zero Day Initiative (ZDI) on November 18, 2021. In the security advisory Local privilege escalation vulnerability fixed in ESET products for Windows dated January 31, 2022, the vendor ESET clarifies the details.
0 kommentar(er)
