A high-severity local privilege escalation in Ubuntu's snapd (CVE-2026-3888) could let a local user recreate the snap private /tmp directory when systemd-tmpfiles runs, enabling root access. The Qualys-discovered flaw has prompted patches across Ubuntu releases, with 24.04 LTS and 25.10 affected out-of-the-box; Ubuntu 22.04 LTS and older are only impacted in non-default configurations.
Qualys disclosed multiple vulnerabilities in Ubuntu’s AppArmor kernel security module (CrackArmor) that can cause memory leaks and DoS, and, when combined with a sudo discovery, may enable local privilege escalation. Canonical is rolling out fixes across affected Ubuntu releases, addressing issues from DFA state bounds and memory leaks to policy namespace limits and race conditions. The advisory also notes unsafe su behavior prompting hardening, with the sudo flaw affecting releases back to 22.04 LTS and su hardening traced to 20.04 LTS; more details are available in Qualys’ advisory.
Microsoft disclosed a critical zero-day in SQL Server (CVE-2026-21262) that enables an authenticated attacker to escalate to the sysadmin role via improper access control. The flaw has a CVSS v3.1 base score of 8.8 (Important) and is exploitable over the network with low complexity and no user interaction. While not yet observed in the wild, the disclosure lowers the barrier for exploits. Microsoft has released patches for SQL Server 2016–2025; administrators should urgently apply updates, audit permissions, restrict privileged access, and upgrade unsupported versions to receive future fixes.
Microsoft released 84 patches in March Patch Tuesday across its software stack, including two publicly disclosed zero-days: CVE-2026-21262 in SQL Server and CVE-2026-26127 in .NET. Eight flaws are critical and 76 are important, with privilege escalation accounting for 46 fixes. Notable issues include a Winlogon privilege escalation (CVE-2026-25187, 7.8), an Azure MCP server-side request forgery (CVE-2026-26118, 8.8) that could abuse the server’s identity, and a high-severity RCE in the Microsoft Devices Pricing Program (CVE-2026-21536, 9.8) that Microsoft says is fully mitigated. An Excel information-disclosure flaw (CVE-2026-26144, 7.5) could enable data exfiltration via Copilot Agent in a zero-click attack. Microsoft is also moving toward hotpatch security updates via Windows Autopatch by May 2026 to speed fixes. XBOW is credited for vulnerability discovery, and researchers note that such bugs often enable post-compromise activity.
Security researchers disclosed a now-patched Chrome vulnerability, CVE-2026-0628, caused by a weak WebView policy that could let a malicious extension inject code into the Gemini Live panel, enabling privilege escalation and access to local files, camera, microphone, and screenshots. The flaw affected Chrome versions prior to 143.0.7499.192/193 (Windows/macOS) and 143.0.7499.192 (Linux) and was fixed by Google in early January 2026. The incident underscores risks from AI-enabled browser components expanding the attack surface and the potential for abuse via extensions with basic permissions.
Microsoft patched CVE-2026-26119, a high-severity improper authentication flaw in Windows Admin Center that could allow an authenticated attacker to elevate privileges to those of the user running the affected app; the fix arrived with Windows Admin Center v2511 (Dec 2025). While there are no confirmed exploits in the wild, Microsoft flags exploitation as more likely and researchers warn it could enable domain compromise under certain conditions.
CISA warns that a high-severity Windows SMB vulnerability (CVE-2025-33073), which allows privilege escalation and is actively exploited, affects all recent Windows versions. Microsoft patched it in June 2025, but threat actors are now exploiting it, prompting federal agencies and organizations to urgently apply updates to prevent system compromise.
Microsoft patched a critical security flaw in Entra ID (formerly Azure AD) that could have allowed attackers to impersonate any user, including Global Admins, across tenants by exploiting a token validation failure. The vulnerability, which was addressed in July 2025, involved legacy API issues and could bypass MFA and logging, posing a significant threat to tenant security. No evidence of exploitation has been reported, but the flaw highlights risks associated with legacy API dependencies and cloud misconfigurations.
A critical security flaw in Microsoft Entra ID, involving undocumented 'actor tokens' and a vulnerability in the Azure AD Graph API, could have allowed attackers to hijack any company's tenant and gain full administrative access without detection. The issue was discovered by security researcher Dirk-jan Mollema and has since been patched by Microsoft.
Zoom and Xerox have released critical security updates to fix vulnerabilities that could allow privilege escalation and remote code execution, affecting Zoom Windows clients and Xerox FreeFlow Core, with the latter's issues being highly severe and exploitable for arbitrary command execution.
Microsoft disclosed a high-severity vulnerability in on-premises Exchange Server (CVE-2025-53786) that could allow attackers with admin access to escalate privileges in connected cloud environments, especially in hybrid setups. Because the on-premises server shares a service principal with Exchange Online, the flaw poses risks of undetectable privilege escalation and identity compromise if unpatched. Microsoft recommends applying the latest hotfix, reviewing security configurations, and resetting service principal keys if no longer used. CISA also warns about related malware exploiting recent SharePoint flaws and advises disconnecting outdated or end-of-life Exchange and SharePoint servers from the internet.
Two privilege escalation vulnerabilities in the Sudo utility (CVE-2025-32462 and CVE-2025-32463) have been fixed in version 1.9.17p1, and users are advised to update their systems to patch these security flaws that could allow local users to gain root access.
Cybersecurity researchers have discovered two critical local privilege escalation flaws in Linux distributions, allowing unprivileged users to gain root access via PAM and udisks, with potential for system compromise. Patches are recommended to mitigate these vulnerabilities.
Two critical local privilege escalation vulnerabilities in Linux's udisks and PAM framework can allow attackers to gain root access on major Linux distributions. The flaws, CVE-2025-6018 and CVE-2025-6019, are especially dangerous because udisks is widely used by default, and exploits have been demonstrated on popular distros like Ubuntu, Debian, Fedora, and openSUSE. Immediate patching is strongly recommended to prevent potential system compromises.
The U.S. CISA has issued a warning about an actively exploited privilege escalation vulnerability in the Linux kernel (CVE-2023-0386), which allows local users to gain root access by exploiting an improper ownership management bug in OverlayFS. Although patched earlier in 2023, the flaw is being exploited in the wild, and federal agencies are required to apply patches by July 8, 2025.