Atera Windows Installers Vulnerable to Critical Privilege Escalation Attacks

July 24, 2023 at 01:01 PM

•

1 min read

Atera Windows Installers Vulnerable to Critical Privilege Escalation Attacks — Photo: The Hacker News

TL;DR Summary

Zero-day vulnerabilities in the Windows Installers for Atera's remote monitoring and management software have been discovered, posing a risk of privilege escalation attacks. The flaws, assigned CVE-2023-26077 and CVE-2023-26078, have been patched in Atera versions 1.8.3.7 and 1.8.4.9. The vulnerabilities allow for the execution of arbitrary code with elevated privileges and involve misconfigured Custom Actions running as NT AUTHORITY\SYSTEM. Exploitation of these weaknesses could lead to local privilege escalation attacks.

Topics:technology #atera #privilege-escalation #vulnerabilities #windows-installers #windows-security #zero-day

Share this article

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks The Hacker News

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

84%

442 → 70 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights