Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
Experts warn of a vulnerability in Windows that allows bypassing User Account Control (UAC) and escalating privileges in the system to the SYSTEM level.
The issue, which is being tracked under the identifier CVE-2024-6769, received a CVSS score of 6.7. A demo exploit is currently available.
"There are certain places on the system drive where an attacker can write or delete files. For example, 'C:\Window', which gives an attacker the ability to gain control of files with SYSTEM permissions," explains Fortra's Tyler Reguly.
Microsoft studied the researchers' report, but noted that it does not consider it a vulnerability, since it allegedly falls under the classification of "acceptable security boundaries."
However, the vector demonstrated by Fortra allows an authenticated user to bypass the middle-level UAC security mechanism and gain administrator privileges.
For CVE-2024-6769 to be successfully exploited, the attacker must already have access to the target system. First, you will need to reassign the root disk of the OS (such as "C") to a controlled directory.
This operation should move the "system32" system folder, which is used by many services to download work-critical files.
From here, you can use the method of loading a malicious DLL that the attacker must place in system32. To do this, you can use the CTF Loader (ctfmon.exe) service, which works with administrator privileges.
Microsoft, as noted above, does not plan to fix the problem yet.
Source
The issue, which is being tracked under the identifier CVE-2024-6769, received a CVSS score of 6.7. A demo exploit is currently available.
"There are certain places on the system drive where an attacker can write or delete files. For example, 'C:\Window', which gives an attacker the ability to gain control of files with SYSTEM permissions," explains Fortra's Tyler Reguly.
Microsoft studied the researchers' report, but noted that it does not consider it a vulnerability, since it allegedly falls under the classification of "acceptable security boundaries."
However, the vector demonstrated by Fortra allows an authenticated user to bypass the middle-level UAC security mechanism and gain administrator privileges.
For CVE-2024-6769 to be successfully exploited, the attacker must already have access to the target system. First, you will need to reassign the root disk of the OS (such as "C") to a controlled directory.
This operation should move the "system32" system folder, which is used by many services to download work-critical files.
From here, you can use the method of loading a malicious DLL that the attacker must place in system32. To do this, you can use the CTF Loader (ctfmon.exe) service, which works with administrator privileges.
Microsoft, as noted above, does not plan to fix the problem yet.
Source
