A security researcher has publicly shared an exploit of Windows 10, which lets any threat actor with limited privileges to a vulnerable system gain admin privileges.

All Windows 10 systems running on versions before the January 2022 security Tuesday update are vulnerable, where Microsoft patched this bug in that update. The researcher, in his exploit note, stated that he chose to go public with his findings since Microsoft has reduced the bug bounty reward.

Privilege Escalation Bug in Windows 10

In the regular course of finding bugs, RyeLv, a security researcher has spotted a crucial privilege escalation vulnerability in Windows 10, which is tracked as CVE-2022-21882. This is later found to be the bypass for a previously patched CVE-2021-1732 bug.

Finding this bug, the researcher decided to share an exploit based on it to the public, instead of reporting to Microsoft. This was later reasoned in his note, as it’s due to Microsoft’s reduction of bug bounty reward. He said,

“Improve the kernel 0day bounty, let more security researchers participate in the bounty program, and help the system to be more perfect”.

As per him, this bug will let anyone with limited access to a vulnerable Windows 10 system gain elevated privileges easily, and spread laterally within the network through that compromised machine. He can perform admin-level commands like adding other admin users too.

The bug exists in all Windows 10 systems running versions before the January 2022 Patch Tuesday updates. Though Microsoft has patched this in this month’s update, many system admins had skipped this update since it contained more problems like unwanted reboots, L2TP VPN issues, inaccessible ReFS volumes, and Hyper-V issues.

Microsoft has later issued an out-of-band update to fix some of these issues too. So it’s now the job of system admins to update to the latest versions to make their computers guarded against these bug exploitations.

RECOMMENDED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here