{"id":18145,"date":"2022-02-02T11:13:00","date_gmt":"2022-02-02T19:13:00","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/02\/02\/news-11878\/"},"modified":"2022-02-02T11:13:00","modified_gmt":"2022-02-02T19:13:00","slug":"news-11878","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/02\/02\/news-11878\/","title":{"rendered":"Apply those updates now: CVE bypass offers up admin privileges for Windows 10"},"content":{"rendered":"

Credit to Author: Malwarebytes Labs| Date: Tue, 01 Feb 2022 11:07:29 +0000<\/strong><\/p>\n

If you\u2019re running Windows 10, it\u2019s time to stop delaying those patches and bring your systems up to date as soon as possible.<\/p>\n

Bleeping Computer reports<\/a> that a researcher has come up with a bypass for an older bug, which could serve up some major headaches if left to fester. Those headaches will take the form of unauthorised admin privileges in Windows 10, alongside creating new admin accounts and more besides.<\/p>\n

What happened the first time round?<\/h2>\n

Back in 2021, Microsoft patched an exploit which had been in use<\/a> since mid-2020. Classed as \u201chigh-severity\u201d, \u201cCVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability\u201d allowed attackers to elevate privileges to admin level.<\/p>\n

Fooling potential victims by having them open bogus email attachments is all it would take to get one foot in the door via code execution. It popped up in a targeted attack<\/a> related to the Bitter APT<\/a> campaign. According to the report, numbers were \u201cvery limited\u201d and struck victims in China.<\/p>\n

What\u2019s happening now?<\/h2>\n

Multiple exploits have dropped for another elevation of privilege vulnerability known as CVE-2022-21882<\/a>. This is a bypass for the previously mentioned CVE-2021-1732<\/a> which was fixed back in February 2021. CVE-2022-21882 was fixed by Microsoft via updates from January 2022. However, sys admins out there may well have skipped the updates due to various bugs<\/a> which came along for the update ride.<\/p>\n

Time to get fixing things?<\/h2>\n

It is absolutely time to get fixing things. The exploit is now out there in the wild, and as Bleeping Computer notes, it \u201caffects all supported support versions of Windows 10 before the January 2022 Patch Tuesday updates\u201d. <\/p>\n

Writers at Bleeping Computer were able to get it to work in testing, and others have confirmed it for themselves:<\/p>\n

\n
\n
\n

Interestingly, #MDE<\/a> detects this PoC as CVE-2021-1732.
This is understandable since this #CVE<\/a>-2022-21882 is a bypass of #CVE<\/a>-2021-1732.
Generic #LPE<\/a> detection #KQL<\/a> query works in this case too.#BlueTeam<\/a> #ThreatHunting<\/a>https:\/\/t.co\/01El9wPjk0<\/a>
\/1 https:\/\/t.co\/vM2apKJsI6<\/a><\/p>\n

— Bhabesh (@bh4b3sh) January 29, 2022<\/a><\/p><\/blockquote>\n