{"id":371463,"date":"2021-11-23T23:13:14","date_gmt":"2021-11-23T20:13:14","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/new-windows-zero-day-grants-local-admin-access\/"},"modified":"2021-11-23T23:13:14","modified_gmt":"2021-11-23T20:13:14","slug":"new-windows-zero-day-grants-local-admin-access","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/new-windows-zero-day-grants-local-admin-access\/","title":{"rendered":"#New Windows Zero-Day Grants Local Admin Access"},"content":{"rendered":"

“#New Windows Zero-Day Grants Local Admin Access”<\/strong><\/p>\n

\n
\n
\"Hacker
ViChizh\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n

It seems like there\u2019s a new local zero-day exploit that grants admin privileges on Windows almost every day, and today is no exception. A researcher publically disclosed a vulnerability that lets anyone with standard privileges open a command prompt with\u00a0SYSTEM level access.<\/p>\n

With this vulnerability, threat actors could go through the elevated command prompt to\u00a0elevate their privileges and grant far more access than they\u2019re meant to have. Someone can gain access to a system running Windows 10, Windows 11, and Windows Server 2022.<\/p>\n

The exploit was discovered by researcher\u00a0Abdelhamid Naceri and published on GitHub<\/a>. To verify the issue,\u00a0BleepingComputer<\/a> tested it on a Windows PC running Windows 10 21H1 build 19043.1348 and found that it \u201conly took a few seconds to gain SYSTEM privileges from a test account with \u2018Standard\u2019 privileges.\u201d<\/p>\n

When asked by BleepingComputer why he chose to publicly disclose the vulnerability instead of reporting it to Microsoft\u2019s bug bounty program, he cited massively decreased payouts for reporting issues.\u00a0\u201cMicrosoft bounties has been trashed since April 2020, I really wouldn\u2019t do that if MSFT didn\u2019t take the decision to downgrade those bounties,\u201d explained Naceri.<\/p>\n

As this is a local exploit, the person would need to access your computer in person. However, as mentioned, it only takes a few seconds for them to get elevated access, so they won\u2019t need to be in possession for long. This is an issue you\u2019ll want to watch out for, and make sure to download<\/a> the patch as soon as Microsoft makes one available.<\/p>\n

RELATED:<\/strong> SteelSeries<\/a> Software Bug Gives Windows 10 Admin Rights<\/em><\/strong><\/p>\n<\/div>\n


\n\n<\/div>\n