Privilege Escalation

All articles tagged with #privilege escalation

Two Actively Exploited Defender Flaws Prompt Auto-Patch Rollout
security, 4 days ago

Microsoft warns that Defender is under active exploitation due to a privilege-escalation flaw (CVE-2026-41091) and a separate denial-of-service flaw (CVE-2026-45498). Updates are delivered automatically via Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, and systems with Defender disabled are not affected. CISA has added both flaws to its Known Exploited Vulnerabilities catalog, with a June 3, 2026 patch deadline for Federal Civilian Executive Branch agencies. The article also references older Microsoft CVEs that have been added to KEV in recent weeks.

PoC Unleashes PinTheft Linux LPE, Unlocks Root Access
cybersecurity, 5 days ago

A proof-of-concept exploit named PinTheft has been published for a Linux kernel local privilege escalation, leveraging an RDS zerocopy double-free flaw to gain root access under specific kernel configurations. The PoC demonstrates a novel way to steal references via io_uring and overwrite in-memory pages, underscoring ongoing Linux kernel security challenges. Admins should apply the latest patches or blacklist the vulnerable modules to mitigate the risk.

Nine-Year-Old Linux Kernel Bug Lets Local Users Root on Major Distros
security, 5 days ago

Qualys disclosed CVE-2026-46333, a nine-year-old Linux kernel privilege-escalation flaw in __ptrace_may_access() that can let an unprivileged local user read /etc/shadow, access SSH private keys, and execute commands as root on Debian, Fedora, and Ubuntu; a PoC is available, patches have been released, and mitigations include updating the kernel or setting kernel.yama.ptrace_scope=2 and rotating host keys.

Public PoC Unleashes Windows 'MiniPlasma' Privilege-Escalation to SYSTEM
cyber-security-news, 7 days ago

A publicly released PoC for the Windows 'MiniPlasma' zero-day privilege-escalation flaw lets unprivileged users gain SYSTEM privileges by exploiting the Cloud Filter driver’s HsmOsBlockPlaceholderAccess race condition and writing to the .DEFAULT hive. The bug traces to CVE-2020-17103 (originally patched in 2020 by Microsoft) but the PoC shows the flaw remains exploitable; Nightmare-Eclipse released the exploit on GitHub on May 13, 2026, after May Patch Tuesday, increasing risk as weaponized code circulates and affects all Windows versions. Organizations should monitor Microsoft’s response and apply patches when available.

PoC Exploit Enables Root on Some Linux Systems via DirtyDecrypt(rxgk) Flaw
technology, 8 days ago

A patched Linux kernel flaw in the rxgk module, known as DirtyDecrypt/DirtyCBC, now has a proof-of-concept exploit that can grant root access on affected systems. The vulnerability aligns with CVE-2026-31635 and requires CONFIG_RXGK; it mainly affects distros tracking upstream kernels (e.g., Fedora, Arch, openSUSE). V12 Security reported the flaw, and patches are available, though a temporary mitigation involving disabling specific modules could disrupt IPsec VPNs and AFS. This comes amid broader activity around root-privilege flaws, with CISA warning about Copy Fail being exploited in the wild.

MiniPlasma PoC Prompts SYSTEM Privilege Escalation on Windows
security, 8 days ago

Security researcher Chaotic Eclipse released a MiniPlasma PoC that can grant SYSTEM privileges on patched Windows by abusing cldflt.sys (Cloud Files Mini Filter Driver); the flaw traces to CVE-2020-17103 and may be unpatched on many systems, suggesting broad impact across Windows versions. The PoC exploits a race condition and has shown reliability on Windows 11 May 2026 builds, though results vary by build (Insider Canary sometimes unaffected). Microsoft had addressed a related issue in 2025 (CVE-2025-62221).

MiniPlasma PoC: New Windows zero-day grants SYSTEM on patched PCs
technology, 8 days ago

A security researcher released a GitHub proof-of-concept for a Windows privilege-escalation zero-day named MiniPlasma, which reportedly lets attackers obtain SYSTEM privileges on patched Windows by abusing the Cloud Filter driver (cldflt.sys) and the HsmOsBlockPlaceholderAccess path; the issue traces to CVE-2020-17103, first reported by Google Project Zero and allegedly fixed in December 2020, though the author claims it remains exploitable. BleepingComputer verified the PoC on Windows 11 Pro with May 2026 updates, while a vulnerability analyst confirmed it works on public builds but not on Canary; the disclosure follows Chaotic Eclipse's ongoing sequence of Windows zero-days and public protest against Microsoft’s handling of bug bounties. Microsoft has not publicly responded to this additional disclosure.

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows
cyber-security, 10 days ago

Two new unpatched Windows BitLocker zero-days—YellowKey (encryption bypass) and GreenPlasma (privilege escalation)—were disclosed after Patch Tuesday, leaving Windows 11 and Windows Server 2022/2025 exposed. YellowKey exploits the Windows Recovery Environment to bypass full-disk encryption, granting attackers full access to the system drive with physical access; GreenPlasma could enable unauthorized commands via arbitrary memory-section creation, enabling persistence and potential kernel-level access. There is no official patch yet; mitigations include enabling a BitLocker PIN, enforcing robust BIOS passwords, guarding WinRE against tampering, and restricting physical access until Microsoft releases fixes. Windows 10 is not affected.

AI-Discovered Fragnesia: a new Linux kernel flaw that could grant root access
security, 11 days ago

AI-assisted disclosure reveals Fragnesia, the third major Linux kernel local root vulnerability in two weeks, which lets an unprivileged user corrupt the kernel page cache via ESP-in-TCP and escalate to root; a PoC exists and Red Hat assigns a CVSS of 7.8. Upstream patches are available but not yet in distros as of May 13, and mitigations include disabling esp4/esp6/rxrpc or constraining user namespaces—though these can break IPsec or rootless containers. Patches are expected soon (around May 14) as AI bug detection accelerates the discovery of new flaws.

New Windows Zero-Days Target WinRE BitLocker Bypass and SYSTEM Privilege Escalation
security, 12 days ago

Researchers Chaotic Eclipse and Nightmare-Eclipse disclosed two Windows zero-days: YellowKey, a BitLocker bypass in Windows Recovery Environment via specially crafted FsTx files on USB or the EFI partition, and GreenPlasma, a privilege-escalation flaw tied to Windows CTFMON that could let an unprivileged user create arbitrary memory sections and potentially control privileged services. A separate BitLocker downgrade chain described by Intrinsec (CVE-2025-48804) could defeat encryption on fully patched systems with physical access by boot-image tampering. Mitigations include enabling BitLocker startup PIN, migrating the boot manager to CA 2023 certificates, and revoking PCA 2011 certificates as older certificates are retired; Microsoft notes coordinated vulnerability disclosure and upcoming Patch Tuesday updates in June 2026.

Fragnesia LPE Uses Kernel Page Cache to Grant Root Access (CVE-2026-46300)
security, 12 days ago

A new Linux kernel local privilege escalation called Fragnesia (CVE-2026-46300) targets the XFRM ESP-in-TCP subsystem to corrupt the kernel page cache and convert unprivileged users into root. A PoC has been released, advisories have been issued by major distros, and patches are available. Users should patch promptly or apply Dirty Frag mitigations (e.g., disable esp4/esp6 and harden containers) while monitoring for escalation attempts. A threat actor, berz0k, is advertising a zero-day LPE exploit for sale on cybercrime forums.

Fragnasia flaw could grant root on many Linux kernels
security, 12 days ago

A high-severity Linux kernel local privilege-escalation flaw, Fragnasia (CVE-2026-46300), lets an unprivileged attacker write to the kernel page cache via the XFRM ESP-in-TCP subsystem to gain root; patches are rolling out for all affected kernels, and a PoC exists. Mitigations include removing vulnerable modules esp4, esp6, and rxrpc with modprobe.d, though this can disrupt AFS and IPsec VPNs. The bug is part of the Dirty Frag family; CISA has also flagged Copy Fail as actively exploited in the wild.

Fragnesia Emerges as New Linux Local Privilege Escalation, Patch Pending
security, 13 days ago

Fragnesia has been disclosed as a new Linux kernel local privilege escalation vulnerability, mirroring the Dirty Frag issue. It stems from a logic bug in the ESP/XFRM code that allows arbitrary writes into the kernel page cache of read-only files. A two-line patch in skbuff.c exists to fix it, but it has not yet been merged into mainline or included in a mainline release; more details are available on the oss-security list.