#privilege-escalation

[ follow ]
#vulnerability
Theregister
1 week ago
Information security

More details on that Windows Installer 'make me admin' hole

Microsoft's Patch Tuesday revealed a critical flaw in Windows Installer that can allow privilege escalation to SYSTEM level, necessitating immediate action. [ more ]
The Hacker News
1 month ago
DevOps

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

Microsoft Azure Kubernetes Services had a privilege escalation flaw allowing attacker access to cluster secrets.
The attack leveraged a component called Azure WireServer to obtain sensitive credentials. [ more ]
Ars Technica
3 months ago
Information security

Federal agency warns critical Linux vulnerability being actively exploited

CISA added a critical Linux security bug, CVE-2024-1086, actively exploited, granting privilege escalation through a use-after-free vulnerability in Linux kernel versions 5.14-6.6. [ more ]
TechRepublic
9 months ago
Privacy professionals

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Cybersecurity researchers discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.
The vulnerability allows attackers to use privilege escalation to gain access that would otherwise only be available to Super Admins. [ more ]
Theregister
1 week ago
Information security

More details on that Windows Installer 'make me admin' hole

Microsoft's Patch Tuesday revealed a critical flaw in Windows Installer that can allow privilege escalation to SYSTEM level, necessitating immediate action. [ more ]
The Hacker News
1 month ago
DevOps

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

Microsoft Azure Kubernetes Services had a privilege escalation flaw allowing attacker access to cluster secrets.
The attack leveraged a component called Azure WireServer to obtain sensitive credentials. [ more ]
Ars Technica
3 months ago
Information security

Federal agency warns critical Linux vulnerability being actively exploited

CISA added a critical Linux security bug, CVE-2024-1086, actively exploited, granting privilege escalation through a use-after-free vulnerability in Linux kernel versions 5.14-6.6. [ more ]
TechRepublic
9 months ago
Privacy professionals

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Cybersecurity researchers discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.
The vulnerability allows attackers to use privilege escalation to gain access that would otherwise only be available to Super Admins. [ more ]
morevulnerability
Zero Day Initiative
2 weeks ago
Information security

Zero Day Initiative - Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks (Archive)

Arbitrary file deletes can be exploited for privilege escalation in Windows, contrary to initial perceptions that they are low-impact exploits. [ more ]
#vulnerabilities
The Hacker News
1 month ago
Information security

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft is addressing two vulnerabilities allowing downgrade attacks on Windows update architecture.
The vulnerabilities, discovered by SafeBreach Labs researcher Alon Leviev, could lead to privilege escalation and security flaw reintroduction.
A tool called Windows Downdate can exploit the vulnerabilities to make fully patched Windows systems vulnerable to past exploits. [ more ]
Theregister
4 months ago
Information security

Four critical bugs in ArubaOS lead to remote code execution

Network admins should patch critical vulnerabilities in ArubaOS immediately to avoid remote code execution by privilege escalation. [ more ]
The Hacker News
1 month ago
Information security

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft is addressing two vulnerabilities allowing downgrade attacks on Windows update architecture.
The vulnerabilities, discovered by SafeBreach Labs researcher Alon Leviev, could lead to privilege escalation and security flaw reintroduction.
A tool called Windows Downdate can exploit the vulnerabilities to make fully patched Windows systems vulnerable to past exploits. [ more ]
Theregister
4 months ago
Information security

Four critical bugs in ArubaOS lead to remote code execution

Network admins should patch critical vulnerabilities in ArubaOS immediately to avoid remote code execution by privilege escalation. [ more ]
morevulnerabilities
Zero Day Initiative
1 month ago
JavaScript

Zero Day Initiative - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2

ESET Smart Security's ekrn.exe can be exploited due to handling of file operation permissions, potentially leading to privilege escalation. [ more ]
Zero Day Initiative
1 month ago
JavaScript

Zero Day Initiative - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2

Escalating privileges through file deletion and symbolic link creation in ESET Smart Security's ekrn.exe service. [ more ]
#security-vulnerability
The Hacker News
1 month ago
Information security

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

A vulnerability named ConfusedFunction allows attackers to escalate privileges in Google Cloud Functions and access unauthorized data.
Google has updated Cloud Build to prevent misuse post-responsible disclosure. [ more ]
Theregister
7 months ago
Information security

Zoom stomps critical privilege escalation bug, 6 other flaws

Zoom has revealed a critical privilege escalation vulnerability in its products that could allow unauthenticated users to gain higher privileges.
The company has released updates to patch the vulnerability, along with other medium-severity issues. [ more ]
The Hacker News
1 month ago
Information security

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

A vulnerability named ConfusedFunction allows attackers to escalate privileges in Google Cloud Functions and access unauthorized data.
Google has updated Cloud Build to prevent misuse post-responsible disclosure. [ more ]
Theregister
7 months ago
Information security

Zoom stomps critical privilege escalation bug, 6 other flaws

Zoom has revealed a critical privilege escalation vulnerability in its products that could allow unauthenticated users to gain higher privileges.
The company has released updates to patch the vulnerability, along with other medium-severity issues. [ more ]
moresecurity-vulnerability
Zero Day Initiative
6 months ago
Information security

Zero Day Initiative - CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability

Privilege escalation vulnerability in .NET Framework and Visual Studio patched
Exploitation leads to remote file manipulation in the context of the FTP server [ more ]
Dark Reading
10 months ago
Information security

Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation

Microsoft released fixes for 63 bugs in its November update, including three zero-days that are actively being exploited by threat actors.
The November update is smaller in comparison to the October update and contains fewer critical vulnerabilities.
One of the zero-days, CVE-2023-36036, allows attackers to acquire system-level privileges. [ more ]
[ Load more ]