What is a privilege escalation attack?

An elevation of privilege attack occurs when a user or malicious software process manages to obtain higher permissions – and therefore more control over a computer system – than it is usually granted.

This can be achieved by exploiting a bug, vulnerability or misconfiguration in a software application or operating system, by using stolen login credentials, or through social engineering designed to trick an authorized user into giving a malicious process or another user access to things it shouldn’t have.


Stolen-credential attacks are a good example of why you should regularly check whether your passwords have been compromised. Other exploits take advantage of features that actually work the way they’re supposed to, such as the venerable Windows Sticky Keys exploit, which could abuse accessibility features to open a command shell on some versions of Windows.
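One safe way to do that compromised-password check is the k-anonymity lookup offered by the Have I Been Pwned "Pwned Passwords" service: only the first five characters of the password's SHA-1 hash leave your machine, and the matching is done locally on the returned list of suffixes. The code below is an added example written for this article, not code from the original page or from Kaspersky; the live endpoint URL is the real one, but the range response embedded in the block is a constructed sample so the example runs offline (the count it contains is made up, not a real breach count).

```python
import hashlib
import urllib.request
from typing import Callable, Dict

# Real endpoint of the Pwned Passwords range API (k-anonymity lookup).
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple:
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix
    that is sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines returned for one hash prefix."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_live(prefix: str) -> str:
    """Fetch the range for a prefix from the live service (network required)."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"User-Agent": "pwned-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = fetch_range_live) -> int:
    """Return how many times the password appears in known breaches (0 = not found).
    The full password or full hash is never transmitted, only the 5-char prefix."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed offline sample: a fake range response for prefix 5BAA6.
# The second suffix is the real SHA-1 suffix of the string "password";
# the counts are made up for the example.
SAMPLE_RANGE_RESPONSE = """\
0018A45C4D1DEF81644B54AB7F969B88D65:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345
"""


def fetch_range_sample(prefix: str) -> str:
    """Offline stand-in for fetch_range_live, returning the constructed sample."""
    return SAMPLE_RANGE_RESPONSE


if __name__ == "__main__":
    # Swap fetch_range_sample for fetch_range_live to query the real service.
    for candidate in ("password", "a-long-unique-passphrase-for-this-demo"):
        hits = breach_count(candidate, fetch_range_sample)
        verdict = "seen in breaches, change it" if hits else "not in the sample list"
        print(f"{candidate!r}: {hits} -> {verdict}")
```

The lookup function takes the fetcher as a parameter so the same matching logic can be exercised against recorded responses, which is also how you would unit-test it without hammering the live API.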

The most noteworthy privilege escalation attacks are those that exploit “zero-day” (previously unknown) software vulnerabilities that have not yet been discovered by the vendor and patched (protected against via a software update).

New privilege escalation vulnerabilities appear – and are usually quickly patched – every two weeks. They are usually not announced until fixes are available, and most are limited to specific software applications.

Noteworthy examples with a broader scope include:

  • a 2021 remote code injection vulnerability in Apache Log4j, which affected any Java server that used the utility to keep its logs
  • 2021’s HiveNightmare/SeriousSAM, which allowed unprivileged Windows users to gain administrator rights by exploiting overly permissive access to registry hives, including the Security Account Manager (SAM) database that authenticates local users
  • 2016’s Dirty COW, which allowed unprivileged users to write to read-only files in Linux, including the password file
  • 2022’s Dirty Pipe, affecting Linux and Android kernels, which allows unprivileged users to inject malicious code and, again, can be used to overwrite password files

And yes, major vulnerabilities are often given completely ridiculous names.
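Since two of the examples above end in the same place, an unprivileged user rewriting the password file, a simple defensive check is to audit /etc/passwd for the signs that kind of tampering leaves behind: a second UID-0 account, a password hash placed directly in passwd instead of the shadow file, an empty password field, or a malformed line, plus a fingerprint you can compare against a known-good baseline. The script below is an added example written for this article, not code from the original page or from any of the projects named in it; the passwd contents it checks are constructed samples (the "tampered" one is invented to illustrate the findings), and the field names follow the standard seven-field passwd format.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Constructed sample: a clean, minimal passwd file.
CLEAN_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed sample: the same file after hypothetical tampering.
# Line 1 carries a (fake) hash instead of "x"; line 4 is an extra UID-0 account.
TAMPERED_PASSWD = """\
root:$6$constructedsalt$constructedhash:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:0:0:service:/:/bin/sh
"""


@dataclass
class Finding:
    line_no: int
    user: str
    reason: str


def audit_passwd(text: str) -> List[Finding]:
    """Return suspicious entries in passwd-formatted text."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(Finding(line_no, line[:32],
                                    "malformed entry (expected 7 colon-separated fields)"))
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        if pw == "":
            findings.append(Finding(line_no, name,
                                    "empty password field (login possible without a password)"))
        elif pw not in ("x", "*", "!"):
            # "x" defers to /etc/shadow; "*" and "!" are locked. Anything else is a
            # hash stored in the world-readable passwd file, a classic tampering sign.
            findings.append(Finding(line_no, name,
                                    "password hash stored in passwd rather than shadow"))
        if uid == "0" and name != "root":
            findings.append(Finding(line_no, name,
                                    "additional UID 0 (root-equivalent) account"))
    return findings


def fingerprint(text: str) -> str:
    """SHA-256 of the file contents, for comparison with a stored baseline."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def changed_since(baseline_fingerprint: str, text: str) -> bool:
    """True if the current contents no longer match the recorded baseline."""
    return fingerprint(text) != baseline_fingerprint


if __name__ == "__main__":
    baseline = fingerprint(CLEAN_PASSWD)  # in practice, store this after a known-good install
    for label, content in (("clean", CLEAN_PASSWD), ("tampered", TAMPERED_PASSWD)):
        print(f"== {label}: changed={changed_since(baseline, content)}")
        for f in audit_passwd(content):
            print(f"  line {f.line_no} ({f.user}): {f.reason}")
    # To check the real file on a Linux host, read it and pass the text in:
    # with open("/etc/passwd") as fh: audit_passwd(fh.read())
```

A check like this belongs in a scheduled job or a file-integrity monitor, not just a one-off run; the fingerprint tells you that something changed, and the per-line findings tell you whether the change looks like a privilege escalation rather than routine account maintenance.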

The good news for average users is that most of these vulnerabilities require access to a less-privileged local account to exploit, and home PCs by default generally don’t expose themselves to the internet in an easily exploitable way.

Am I at risk of a privilege escalation attack?

If your standard user accounts (and any accounts used by specific applications) are secured with strong passwords and strong network defenses, such as a properly configured firewall between local systems and the wider Internet, the practical threat to the average home user is minimal.

It is more of a threat to corporate networks, virtual machine hypervisors (servers that host and control virtual machines, found both in local corporate networks and at online hosting providers) and Internet-connected systems such as web or game servers. The Log4j vulnerability I mentioned can be exploited on unpatched versions of Minecraft, allowing malicious actors to run software on both vulnerable servers and connected clients.


Needless to say, Minecraft developer Mojang, which is owned by Microsoft, was quick to roll out patches for the official client builds, but that still left some modified versions of the client and server exposed until they were patched manually.

As a user, if you keep your operating system and software up to date, you have little to worry about. Many antivirus and security suites include update and vulnerability scanners to help you keep up.

If you are a system administrator, being aware of vulnerabilities as soon as they are announced and ensuring that you apply patches quickly is an important part of your responsibilities.

About Jon Moses
