September 25, 2023

PsExec is a fully interactive tool that allows system admins to execute programs on remote systems. PsExec tool is also integrated into and used by enterprise tools to remotely launch executables on other computers.

This PsExec zero-day is caused by a named pipe hijacking vulnerability which allows attackers to trick PsExec into re-opening a maliciously created named pipe and giving it Local System permissions.

After successfully exploiting the bug, threat actors will be able to execute arbitrary processes as Local System which effectively allows them to take over the machine.

Windows machine where “admins remotely launch executables on using PsExec if the machine already has a non-admin attacker there trying to elevate their privileges” is vulnerable to attacks attempting to exploit.

POC confirm that the zero-say affects multiple Windows versions from Windows XP up to Windows 10. Version starting from v1.72 to v2.2 has the issues

This vulnerability allows an attacker who can already run code on your remote computer as a non-admin to elevate their privileges to Local System and completely take over the machine as soon as anyone uses PsExec against that machine.

Home users and small businesses, this is probably not a high-priority threat, while for large organizations it should be a threat.

Tags:

Leave a Reply

You may have missed

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023

Air Canada Reveals Data Exposure due to a Cyberattack

September 23, 2023

SandMan APT Group in action against Telcos

September 22, 2023
%d bloggers like this: