Windows 10 and Windows 11 users, along with Linux users, face two huge security vulnerabilities it’s been revealed, which could allow hackers to get their hands on sensitive PC data. The newly-identified local privilege escalation vulnerabilities could allow bad actors to take advantage of a simple loophole in the OS to effectively climb through levels of much more important data.
For example, by tapping a more humdrum exploit, hackers could gain simple access to a computer remotely. Once compromised, however, a second vulnerability could be used to escalate just what control over the system that they have. Most dangerously, these new Windows 10/11 and Linux vulnerabilities suggest that hackers could eventually end up with full admin or root privileges.
For Linux, bad news for Ubuntu, Debian, and Fedora Workstation
Linux users may generally be able to say that their computers are more secure than Windows PCs, but that doesn’t mean they’re invulnerable, as this newly-identified exploit demonstrates. Spotted by Qualys, the size_t-to-int type conversion vulnerability likely affects most Linux OSes, the researchers warn.
“Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation,” Bharat Jogi, Senior Manager of Vulnerabilities and Signatures at Qualys, explains. “Other Linux distributions are likely vulnerable and probably exploitable.”
The security team notified Red Hat Product Security of CVE-2021-33909 and CVE-2021-33910, alerting vendors and open-source distribution about the vulnerabilities. If you’re running a Linux system, you should be looking to see if there are patches for your computer as a matter of urgency. A Qualys representative told ArsTechnica that it would take just three minutes or so to undertake the exploit.
Both Windows 10 and the Windows 11 beta have security issues today
Windows users aren’t in the clear, either. A different local privilege escalation vulnerability affects not only Windows 10 but the latest Windows 11 beta, too. In fact, Microsoft confirms, anything from Windows 10 version 1809 and newer is at risk.
According to the software company’s description of CVE-2021-36934, once a person has the ability to execute code on a victim system, they could use the vulnerability to eventually grant themselves full admin control. “An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” Microsoft explains. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Indeed, it would be possible to extract password hashes using the vulnerability, as researcher Benjamin Delpy demonstrates.
Although no exploit is known to be in the wild, Microsoft adds, it believes exploitation is “more likely.” Though there’s no current patch for the problem, there are workarounds for a temporary fix. That includes restricting access to certain parts of Windows, though the downside there is that third-party backup applications may then struggle to restore data later on.