A security researcher has publicly shared an exploit for Windows 10 that lets any threat actor with limited privileges on a vulnerable system gain admin privileges.
All Windows 10 systems running versions before the January 2022 Patch Tuesday update are vulnerable; Microsoft patched the bug in that update. The researcher stated in his exploit note that he chose to go public with his findings because Microsoft has reduced the bug bounty reward.
Privilege Escalation Bug in Windows 10
In the regular course of finding bugs, RyeLv, a security researcher, spotted a crucial privilege escalation vulnerability in Windows 10, which is tracked as CVE-2022-21882. It was later found to be a bypass for the previously patched CVE-2021-1732 bug.
Regarding the just-fixed CVE-2022-21882:
win32k privilege escalation vulnerability,
CVE-2021-1732 patch bypass, easy to exploit, which was used by APT attacks
— b2ahex (@b2ahex) January 12, 2022
After finding this bug, the researcher decided to share an exploit based on it with the public instead of reporting it to Microsoft. His note later gave the reason: Microsoft's reduction of the bug bounty reward. He said,
“Improve the kernel 0day bounty, let more security researchers participate in the bounty program, and help the system to be more perfect”.
According to him, this bug lets anyone with limited access to a vulnerable Windows 10 system easily gain elevated privileges and spread laterally within the network through that compromised machine. The attacker can also run admin-level commands, such as adding other admin users.
The bug exists in all Windows 10 systems running versions before the January 2022 Patch Tuesday updates. Though Microsoft patched it in this month's update, many system admins skipped the update because it introduced other problems, such as unwanted reboots, L2TP VPN issues, inaccessible ReFS volumes, and Hyper-V issues.
Microsoft later issued an out-of-band update to fix some of these issues. It is now up to system admins to update to the latest versions to guard their computers against exploitation of this bug.