A Google search of “privilege escalation” yields numerous articles about software bugs that hackers could exploit to gain elevated access to IT resources. In the past few months, Microsoft alone has released software updates that address two serious privilege escalation threats.
In July 2018, security researchers reported a vulnerability in the Microsoft .NET Framework that could allow an attacker to escalate privileges on a target system. Microsoft confirmed the vulnerability, which it assigned reference number CVE-2018-8202 and classified as “critical.”
The vulnerability is caused by improper activation of a Component Object Model (COM) object when processing user input. By entering malicious input, an attacker could gain escalated privileges that enable the execution of arbitrary code and allow the attacker to gain complete control of the system. Security experts consider the attack to be easy. The hacker would only need user-level access to the target system to exploit the flaw.
In a recent report on the top 20 vulnerabilities affecting enterprise environments, CVE-2018-8202 was given the dubious honor of being named number one. Security researchers estimate the bug could potentially impact 32 percent of all enterprises due to the widespread use of Microsoft products.
But CVE-2018-8202 isn’t alone. In September 2018, Microsoft released patches addressing a privilege escalation vulnerability caused by improper handling of Advanced Local Procedure Calls, which enable the transfer of data among processes in Windows. This bug, dubbed CVE-2018-8440, could be exploited in much the same way as CVE-2018-8202. A hacker with login credentials for a target system could run malicious software to escalate privileges. If successful, the hacker could install software, view, change, or delete data, and otherwise take control of the system.
Privilege escalation exploits fall into two camps: horizontal and vertical. In horizontal privilege escalation, attackers obtain a regular user’s credentials and use them to gain the level of access held by that user. The hacker might steal the username and password for the user’s local machine, then use keylogging malware to obtain credentials for the user’s financial accounts and other sensitive applications and data. The hacker could then move laterally through the network to the next user.
Vertical privilege escalation involves moving up the ladder from low-level users to gain access to administrator accounts. By gaining privileged credentials, an attacker can create new users, run malicious code, change system settings, and more.
As noted previously, Microsoft has released patches for CVE-2018-8202 and CVE-2018-8440. Administrators are advised to install these patches as quickly as possible. However, organizations should also take steps to reduce the risk that a privilege escalation vulnerability could be exploited before a patch can be released. This involves limiting local administrator access, protecting privileged credentials, rotating privileged credentials regularly, and monitoring privileged sessions.
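Two of the controls listed above, limiting local administrator access and monitoring privileged sessions, can be backed by simple detection logic over Windows Security events. The following is an added example, not code from this article, Clango or CyberArk; it assumes events have already been exported as dictionaries, and the allow-list of approved privileged accounts and the sample events are constructed for illustration.

```python
"""Flag signs of unexpected privilege in Windows Security events."""
from dataclasses import dataclass

# Windows Security event IDs (real values):
# 4732 = a member was added to a security-enabled local group
# 4672 = special privileges assigned to a new logon (admin-equivalent)
MEMBER_ADDED_TO_LOCAL_GROUP = 4732
SPECIAL_PRIVILEGES_ASSIGNED = 4672

# Assumed allow-list: accounts approved to hold administrative privileges.
APPROVED_PRIVILEGED_ACCOUNTS = {"CORP\\svc-backup", "CORP\\pam-admin"}
# Local groups whose membership changes should always be reviewed.
SENSITIVE_GROUPS = {"Administrators", "Remote Desktop Users"}


@dataclass
class Alert:
    event_id: int
    account: str
    reason: str


def check_events(events, approved=APPROVED_PRIVILEGED_ACCOUNTS):
    """Return one Alert per event that indicates unexpected privilege."""
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        if eid == MEMBER_ADDED_TO_LOCAL_GROUP and ev["Group"] in SENSITIVE_GROUPS:
            # Any addition to a sensitive local group is worth a ticket,
            # especially when the actor added themselves.
            alerts.append(Alert(eid, ev["Member"],
                                f"added to local group {ev['Group']} by {ev['Actor']}"))
        elif eid == SPECIAL_PRIVILEGES_ASSIGNED and ev["Account"] not in approved:
            # An admin-equivalent logon by an account outside the allow-list.
            alerts.append(Alert(eid, ev["Account"],
                                "special privileges assigned to non-approved account"))
    return alerts


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4672, "Account": "CORP\\pam-admin"},
    {"EventID": 4732, "Group": "Administrators", "Member": "WS01\\jdoe", "Actor": "WS01\\jdoe"},
    {"EventID": 4672, "Account": "WS01\\jdoe"},
    {"EventID": 4732, "Group": "Backup Operators", "Member": "CORP\\svc-backup", "Actor": "CORP\\pam-admin"},
]

if __name__ == "__main__":
    for a in check_events(SAMPLE_EVENTS):
        print(f"[{a.event_id}] {a.account}: {a.reason}")
```

On the sample data the script flags the self-addition to Administrators and the subsequent admin-equivalent logon by that account, while the approved service account's activity is left alone.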
Clango can help you take advantage of CyberArk’s Core Privileged Access Security platform to protect against privilege escalation attacks. Our team of CyberArk Certified Delivery Engineers has an average of five years of hands-on experience with the CyberArk product suite and has successfully completed hundreds of CyberArk projects. We can customize CyberArk to support your IT operational workflows and integrate it with industry-leading security tools.
For more information about eliminating privilege escalation vulnerabilities, please send us an email at (firstname.lastname@example.org).