Security vulnerabilities for two popular operating systems – Windows and Linux – were both revealed on the same day, July 20th. These security flaws can allow hackers with toehold access to bypass security and elevate access, letting them extract passwords and other sensitive data.
Toehold access refers to the situation in which hackers gain a small foothold in the infected system, usually constrained to the lowest level of system access. In order to elevate access, they usually need to find another vulnerability that will help them move up the chain.
The vulnerability in Microsoft’s OS was discovered by accident when a security researcher probing Windows 11 found what he thought was a coding regression in the upcoming OS’s beta version. However, the researcher soon noticed that users with low-level system privileges could access the user account and security descriptors stored in the Windows Security Account Manager (SAM). Then, by reading information such as the password for the Windows installation and keys for the Windows Data Protection API (DPAPI, which is used for decrypting private access keys), attackers could elevate their access all the way up to that of a system administrator – the highest level possible.
Contrary to the researcher’s initial belief, this is not a regression introduced in Windows 11 beta, as the same vulnerability is present in the latest version of Windows 10.
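The check a defender wants after reading the two paragraphs above is whether the ACL on the SAM hive actually grants read access to ordinary users, since that permissive ACL is what lets a low-privileged account read the data described. The following Python is an added example, not code from the article or from Microsoft: it parses the output of the built-in `icacls` tool (the sample output below is constructed in that tool's format; the SAM file path and the list of low-privilege groups to flag are assumptions) and reports any low-privileged principal that has been granted read access.

```python
import re
from typing import List, Tuple

# Added example (not from the article): parse the ACL that the built-in
# `icacls` tool prints for the SAM hive and flag any low-privileged group
# that can read it. The article describes the Windows flaw as low-privileged
# users being able to read Security Account Manager data; a permissive ACL
# on the SAM file is what that looks like from the defender's side.

# Assumption: default location of the SAM hive on a Windows install.
SAM_PATH = r"C:\Windows\System32\config\SAM"

# Assumption: well-known low-privilege principals that should never be able
# to read the SAM hive.
LOW_PRIV_PRINCIPALS = {
    r"BUILTIN\Users",
    r"NT AUTHORITY\Authenticated Users",
    "Everyone",
}

# icacls simple/specific rights tokens that confer read access.
READ_TOKENS = {"F", "M", "RX", "R", "RD", "GR", "GA"}

# Inheritance-only tokens that carry no permission of their own.
INHERIT_TOKENS = {"I", "OI", "CI", "IO", "NP"}

# One ACE as icacls prints it: "<principal>:(flag)(flag)..."
ACE_RE = re.compile(r"(?P<principal>[^:]+):(?P<rights>(?:\([^()]*\))+)")


def parse_icacls(output: str) -> List[Tuple[str, List[str]]]:
    """Return [(principal, [rights groups]), ...] from `icacls <file>` output.

    The first line carries the file path before the first ACE; later ACEs
    are indented on their own lines. Summary lines are ignored. A list is
    returned (not a dict) so separate allow and deny ACEs for the same
    principal are both kept.
    """
    aces: List[Tuple[str, List[str]]] = []
    for raw in output.splitlines():
        if not raw.strip():
            continue
        line = raw
        if not raw[0].isspace():
            # First line: "<path> <principal>:<rights>"; drop the path token.
            line = raw.split(" ", 1)[1] if " " in raw else ""
        match = ACE_RE.fullmatch(line.strip())
        if match is None:
            continue  # "Successfully processed ..." and similar summary lines
        groups = re.findall(r"\(([^()]*)\)", match.group("rights"))
        aces.append((match.group("principal"), groups))
    return aces


def grants_read(groups: List[str]) -> bool:
    """True if an ACE's rights groups allow reading (deny ACEs never do)."""
    if "DENY" in groups:
        return False
    for group in groups:
        if group in INHERIT_TOKENS:
            continue
        if READ_TOKENS & set(group.split(",")):
            return True
    return False


def exposed_principals(output: str) -> List[str]:
    """Low-privileged principals that the ACL lets read the SAM hive."""
    return sorted(
        principal
        for principal, groups in parse_icacls(output)
        if principal in LOW_PRIV_PRINCIPALS and grants_read(groups)
    )


# Constructed sample in the shape icacls prints; the BUILTIN\Users entry is
# the permissive ACE that exposes the hive to ordinary users.
VULNERABLE_ACL = (
    SAM_PATH + " BUILTIN\\Administrators:(I)(F)\n"
    "                               NT AUTHORITY\\SYSTEM:(I)(F)\n"
    "                               BUILTIN\\Users:(I)(RX)\n"
    "                               APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES:(I)(RX)\n"
    "\n"
    "Successfully processed 1 files; Failed processing 0 files\n"
)

# Constructed sample of the expected restrictive ACL (admins and SYSTEM only).
HARDENED_ACL = (
    SAM_PATH + " BUILTIN\\Administrators:(I)(F)\n"
    "                               NT AUTHORITY\\SYSTEM:(I)(F)\n"
    "\n"
    "Successfully processed 1 files; Failed processing 0 files\n"
)

if __name__ == "__main__":
    # On a live Windows host the text would come from:
    #   subprocess.run(["icacls", SAM_PATH], capture_output=True, text=True).stdout
    for name, acl in (("vulnerable", VULNERABLE_ACL), ("hardened", HARDENED_ACL)):
        print(name, "->", exposed_principals(acl) or "no low-privileged read access")
```

The parser keeps allow and deny entries separately so that an explicit deny for a group is not misread as exposure, and it ignores the inheritance flags (`I`, `OI`, `CI`) that icacls prints alongside the real permission tokens.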
As for Linux, the vulnerability allows the hacker to gain complete system access by “creating, mounting, and deleting a deep directory structure with a total path length that exceeds 1GB and then opening and reading the /proc/self/mountinfo file.”
Researchers from Qualys, the company that discovered the vulnerability, stated: “We successfully exploited this uncontrolled out-of-bounds write and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation”.
The patch for Linux is already underway, but there’s still no talk about one for Windows. Before a patch comes out, there’s nothing you can do if the attackers are in your system already. Still, you can prevent attackers from gaining access in the first place by utilizing a good antivirus program and employing other standard cybersecurity practices.