Tag

Privilege Escalation

All articles tagged with #privilege escalation

RoguePlanet Privilege Escalation in Defender Finally Patched, No Action Needed
security2 days ago

RoguePlanet Privilege Escalation in Defender Finally Patched, No Action Needed

Microsoft issued security updates addressing RoguePlanet, a privilege-escalation flaw in the Microsoft Malware Protection Engine (mpengine.dll) that could spawn a SYSTEM shell. The fix arrives in Defender engine version 1.1.26060.3008 with defense-in-depth hardening. Disclosed by Chaotic Eclipse, RoguePlanet can be exploited on Windows systems with the June 2026 Patch Tuesday and works regardless of real-time protection. Microsoft says no customer action is required beyond automatic updates.

Ubiquiti rolls out fixes for critical UniFi vulnerabilities across core apps
technology3 days ago

Ubiquiti rolls out fixes for critical UniFi vulnerabilities across core apps

Ubiquiti released patches across UniFi Connect, Talk, Access, Protect, and UniFi OS to fix several critical flaws that could allow privilege escalation or remote command execution. The updates address multiple CVEs (e.g., CVE-2026-50746 for Connect; CVE-2026-50747 for Talk; CVE-2026-50748 and CVE-2026-54400 for Access; CVE-2026-55115 for Protect; CVE-2026-54402 and CVE-2026-55116 for OS) with fixed versions listed for each product. While there’s no confirmed exploitation in the wild, the U.S. CISA has flagged some UniFi OS flaws as weaponized, and historical activity like the MooBot botnet operation involved compromised Edge OS routers. Admins should upgrade to the patched releases to mitigate risk.

Bad Epoll: Tiny Timing Window Lets Unprivileged Users Root Linux and Android
technology8 days ago

Bad Epoll: Tiny Timing Window Lets Unprivileged Users Root Linux and Android

A newly disclosed Linux kernel vulnerability, Bad Epoll (CVE-2026-46242), is a use-after-free race in the epoll subsystem that can let a non-privileged user gain root on Linux desktops, servers, and Android. The attacker exploits a six-instruction timing window to corrupt kernel memory, with broader reach via Chrome’s sandbox and Android support; a upstream patch is available (a6dc643c6931) and backports are expected for 6.4+ kernels, while older 6.1-based Android devices may be unaffected. A public PoC exists, but there’s no evidence of widespread exploitation yet.

Two Actively Exploited Defender Flaws Prompt Auto-Patch Rollout
security1 month ago

Two Actively Exploited Defender Flaws Prompt Auto-Patch Rollout

Microsoft warns that Defender is under active exploitation due to a privilege-escalation flaw (CVE-2026-41091) and a separate denial-of-service flaw (CVE-2026-45498). Updates are delivered automatically via Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, and systems with Defender disabled are not affected. CISA has added both flaws to its Known Exploited Vulnerabilities catalog, with a June 3, 2026 patch deadline for Federal Civilian Executive Branch agencies. The article also references older Microsoft CVEs that have been added to KEV in recent weeks.

PoC Unleashes PinTheft Linux LPE, Unlocks Root Access
cybersecurity1 month ago

PoC Unleashes PinTheft Linux LPE, Unlocks Root Access

A proof-of-concept exploit named PinTheft has been published for a Linux kernel local privilege escalation, leveraging an RDS zerocopy double-free flaw to gain root access under specific kernel configurations. The PoC demonstrates a novel way to steal references via io_uring and overwrite in-memory pages, underscoring ongoing Linux kernel security challenges. Admins should apply latest patches or blacklist vulnerable modules to mitigate risk.

Nine-Year-Old Linux Kernel Bug Lets Local Users Root on Major Distros
security1 month ago

Nine-Year-Old Linux Kernel Bug Lets Local Users Root on Major Distros

Qualys disclosed CVE-2026-46333, a nine-year-old Linux kernel privilege-escalation flaw in __ptrace_may_access() that can let an unprivileged local user read /etc/shadow, access SSH private keys, and execute commands as root on Debian, Fedora, and Ubuntu; a PoC is available, patches have been released, and mitigations include updating the kernel or setting kernel.yama.ptrace_scope=2 and rotating host keys.

Public PoC Unleashes Windows 'MiniPlasma' Privilege-Escalation to SYSTEM
cyber-security-news1 month ago

Public PoC Unleashes Windows 'MiniPlasma' Privilege-Escalation to SYSTEM

A publicly released PoC for the Windows 'MiniPlasma' zero-day privilege-escalation flaw lets unprivileged users gain SYSTEM privileges by exploiting the Cloud Filter driver’s HsmOsBlockPlaceholderAccess race condition and writing to the .DEFAULT hive. The bug traces to CVE-2020-17103 (originally patched in 2020 by Microsoft) but the PoC shows the flaw remains exploitable; Nightmare-Eclipse released the exploit on GitHub on May 13, 2026, after May Patch Tuesday, increasing risk as weaponized code circulates and affects all Windows versions. Organizations should monitor Microsoft’s response and apply patches when available.

PoC Exploit Enables Root on Some Linux Systems via DirtyDecrypt(rxgk) Flaw
technology1 month ago

PoC Exploit Enables Root on Some Linux Systems via DirtyDecrypt(rxgk) Flaw

A patched Linux kernel flaw in the rxgk module, known as DirtyDecrypt/DirtyCBC, now has a proof-of-concept exploit that can grant root access on affected systems. The vulnerability aligns with CVE-2026-31635 and requires CONFIG_RXGK; it mainly affects distros tracking upstream kernels (e.g., Fedora, Arch, openSUSE). V12 Security reported the flaw, and patches are available, though a temporary mitigation involving disabling specific modules could disrupt IPsec VPNs and AFS. This comes amid broader activity around root-privilege flaws, with CISA warning about Copy Fail being exploited in the wild.

MiniPlasma PoC Prompts SYSTEM Privilege Escalation on Windows
security1 month ago

MiniPlasma PoC Prompts SYSTEM Privilege Escalation on Windows

Security researcher Chaotic Eclipse released a MiniPlasma PoC that can grant SYSTEM privileges on patched Windows by abusing cldflt.sys (Cloud Files Mini Filter Driver); the flaw traces to CVE-2020-17103 and may be unpatched on many systems, suggesting broad impact across Windows versions. The PoC exploits a race condition and has shown reliability on Windows 11 May 2026 builds, though results vary by build (Insider Canary sometimes unaffected). Microsoft had addressed a related issue in 2025 (CVE-2025-62221).

MiniPlasma PoC: New Windows zero-day grants SYSTEM on patched PCs
technology1 month ago

MiniPlasma PoC: New Windows zero-day grants SYSTEM on patched PCs

A security researcher released a GitHub proof-of-concept for a Windows privilege-escalation zero-day named MiniPlasma, which reportedly lets attackers obtain SYSTEM privileges on patched Windows by abusing the Cloud Filter driver (cldflt.sys) and the HsmOsBlockPlaceholderAccess path; the issue traces to CVE-2020-17103, first reported by Google Project Zero and allegedly fixed in December 2020, though the author claims it remains exploitable. BleepingComputer verified the PoC on Windows 11 Pro with May 2026 updates, while a vulnerability analyst confirmed it works on public builds but not on Canary; the disclosure follows Chaotic Eclipse's ongoing sequence of Windows zero-days and public protest against Microsoft’s handling of bug bounties. Microsoft has not publicly responded to this additional disclosure.

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows
cyber-security1 month ago

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows

Two new unpatched Windows BitLocker zero-days—YellowKey (encryption bypass) and GreenPlasma (privilege escalation)—were disclosed after Patch Tuesday, leaving Windows 11 and Windows Server 2022/2025 exposed. YellowKey exploits the Windows Recovery Environment to bypass full-disk encryption, granting attackers full access to the system drive with physical access; GreenPlasma could enable unauthorized commands via arbitrary memory-section creation, enabling persistence and potential kernel-level access. There is no official patch yet; mitigations include enabling a BitLocker PIN, enforcing robust BIOS passwords, guarding WinRE against tampering, and restricting physical access until Microsoft releases fixes. Windows 10 is not affected.

AI-Discovered Fragnesia: a new Linux kernel flaw that could grant root access
security1 month ago

AI-Discovered Fragnesia: a new Linux kernel flaw that could grant root access

AI-assisted disclosure reveals Fragnesia, the third major Linux kernel local root vulnerability in two weeks, which lets an unprivileged user corrupt the kernel page cache via ESP-in-TCP and escalate to root; a PoC exists and Red Hat assigns a CVSS of 7.8. Upstream patches are available but not yet in distros as of May 13, and mitigations include disabling esp4/esp6/rxrpc or constraining user namespaces—though these can break IPsec or rootless containers. Patches are expected soon (around May 14) as AI bug detection accelerates the discovery of new flaws.

New Windows Zero-Days Target WinRE BitLocker Bypass and SYSTEM Privilege Escalation
security1 month ago

New Windows Zero-Days Target WinRE BitLocker Bypass and SYSTEM Privilege Escalation

Researchers Chaotic Eclipse and Nightmare-Eclipse disclosed two Windows zero-days: YellowKey, a BitLocker bypass in Windows Recovery Environment via specially crafted FsTx files on USB or the EFI partition, and GreenPlasma, a privilege-escalation flaw tied to Windows CTFMON that could let an unprivileged user create arbitrary memory sections and potentially control privileged services. A separate BitLocker downgrade chain described by Intrinsec (CVE-2025-48804) could defeat encryption on fully patched systems with physical access by boot-image tampering. Mitigations include enabling BitLocker startup PIN, migrating the boot manager to CA 2023 certificates, and revoking PCA 2011 certificates as older certificates are retired; Microsoft notes coordinated vulnerability disclosure and upcoming Patch Tuesday updates in June 2026.