CISA warns that a high-severity Windows SMB vulnerability (CVE-2025-33073), which allows privilege escalation and is actively exploited, affects all recent Windows versions. Microsoft patched it in June 2025, but threat actors are now exploiting it, prompting federal agencies and organizations to urgently apply updates to prevent system compromise.
Microsoft patched a critical security flaw in Entra ID (formerly Azure AD) that could have allowed attackers to impersonate any user, including Global Admins, across tenants by exploiting a token validation failure. The vulnerability, which was addressed in July 2025, involved legacy API issues and could bypass MFA and logging, posing a significant threat to tenant security. No evidence of exploitation has been reported, but the flaw highlights risks associated with legacy API dependencies and cloud misconfigurations.
A critical security flaw in Microsoft Entra ID, involving undocumented 'actor tokens' and a vulnerability in the Azure AD Graph API, could have allowed attackers to hijack any company's tenant and gain full administrative access without detection. The issue was discovered by security researcher Dirk-jan Mollema and has since been patched by Microsoft.
Zoom and Xerox have released critical security updates to fix vulnerabilities that could allow privilege escalation and remote code execution, affecting Zoom Windows clients and Xerox FreeFlow Core, with the latter's issues being highly severe and exploitable for arbitrary command execution.
Microsoft disclosed a high-severity vulnerability in on-premises Exchange Server (CVE-2025-53786) that could allow attackers with admin access to escalate privileges in connected cloud environments, especially in hybrid setups. The flaw stems from hybrid Exchange deployments sharing a service principal with Exchange Online, which creates a risk of undetectable privilege escalation and identity compromise if left unpatched. Microsoft recommends applying the latest hotfix, reviewing security configurations, and resetting the service principal's keys if it is no longer used. CISA also warns about related malware exploiting recent SharePoint flaws and advises disconnecting outdated or end-of-life Exchange and SharePoint servers from the internet.
Two privilege escalation vulnerabilities in the Sudo utility (CVE-2025-32462 and CVE-2025-32463) have been fixed in version 1.9.17p1, and users are advised to update their systems to patch these security flaws that could allow local users to gain root access.
Cybersecurity researchers have discovered two critical local privilege escalation flaws in Linux distributions, allowing unprivileged users to gain root access via PAM and udisks, with potential for system compromise. Patches are recommended to mitigate these vulnerabilities.
Two critical local privilege escalation vulnerabilities in Linux's udisks and PAM framework can allow attackers to gain root access on major Linux distributions. The flaws, CVE-2025-6018 and CVE-2025-6019, are especially dangerous because udisks is widely used by default, and exploits have been demonstrated on popular distros like Ubuntu, Debian, Fedora, and openSUSE. Immediate patching is strongly recommended to prevent potential system compromises.
The U.S. CISA has issued a warning about an actively exploited privilege escalation vulnerability in the Linux kernel (CVE-2023-0386), which allows local users to gain root access by exploiting an improper ownership management bug in OverlayFS. Although patched earlier in 2023, the flaw is being exploited in the wild, and federal agencies are required to apply patches by July 8, 2025.
Ivanti has released critical security updates for its Cloud Services Application (CSA) and Connect Secure products to address multiple vulnerabilities, including an authentication bypass (CVE-2024-11639) with a CVSS score of 10.0, and several command and SQL injection flaws. These vulnerabilities could allow remote attackers to gain administrative access and execute arbitrary code. Users are urged to update to the latest versions to mitigate potential risks, although no active exploitation has been reported yet.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added a high-severity Linux kernel privilege elevation flaw (CVE-2024-1086) to its Known Exploited Vulnerabilities catalog. This flaw, which allows local attackers to gain root-level access, was introduced in 2014 and fixed in January 2024. Despite most Linux distributions quickly pushing out fixes, Red Hat delayed until March, potentially exposing systems to public exploits. Federal agencies have until June 20, 2024, to apply patches or implement mitigations. CISA also added CVE-2024-24919, an information disclosure vulnerability in Check Point VPN devices, to the catalog.
Cisco has disclosed a high-severity vulnerability in its Integrated Management Controller (IMC) that allows local attackers to escalate privileges to root using public exploit code. The vulnerability, tracked as CVE-2024-20295, is caused by insufficient validation of user-supplied input and affects various Cisco devices running vulnerable IMC versions in default configurations. Cisco has released patches to address the issue and warned of the availability of proof-of-concept exploit code, although there have been no reported attacks exploiting the vulnerability yet. This disclosure follows previous security patches for zero-day vulnerabilities and a warning about a large-scale credential brute-forcing campaign targeting VPN and SSH services on various devices.
Zoom has patched a critical privilege escalation flaw in its Windows apps that could allow unauthenticated attackers to elevate their privileges on the target system over the network. The vulnerability, tracked as CVE-2024-24691, was discovered by Zoom's offensive security team and has a "critical" rating. In addition to this flaw, the latest Zoom release addresses six other vulnerabilities, including issues related to privilege escalation, information disclosure, and denial of service. Users are advised to update their Zoom clients to the latest version to mitigate the risk of external actors exploiting these vulnerabilities to steal data, disrupt meetings, or install backdoors.
A newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc) allows unprivileged attackers to gain root access on major Linux distributions, impacting Debian, Ubuntu, and Fedora systems. Tracked as CVE-2023-6246, the flaw was accidentally introduced in glibc 2.37 and later backported to glibc 2.36, posing a significant threat due to the widespread use of the affected library. Qualys researchers also found three other vulnerabilities in glibc, emphasizing the critical need for strict security measures in software development. This is not the first time Qualys has found Linux root escalation flaws: they have previously discovered vulnerabilities in glibc's ld.so dynamic loader, Polkit's pkexec component, the kernel's filesystem layer, and the Sudo Unix program.
Researchers have discovered 34 vulnerable Windows drivers that could be exploited by non-privileged threat actors to gain full control of devices and execute arbitrary code. These drivers allow attackers to erase/alter firmware, elevate operating system privileges, and defeat security mechanisms. Some drivers can even render systems unbootable. The technique, known as Bring Your Own Vulnerable Driver (BYOVD), has been used by adversaries to gain elevated privileges and disable security software. The research highlights the need for improved security measures to protect against driver vulnerabilities.