If a bad guy can escalate the privileges of a regular user, he’ll have greater access to the system. In this video, you’ll learn about privilege escalation and how to mitigate privilege escalation.
Privilege escalation is when you’re able to gain a higher level of privilege on a system even though you’re not supposed to have that privilege. This could be due to a vulnerability that exists on the system or it may be a flaw in the operating system you happen to be using. Generally speaking, having a higher level of access means that you have more capabilities on that server or that system.
Generally, when we do privilege escalation we’re trying to get the highest possible privilege. So if you’re on a Windows machine, you want that administrator access. Or if you’re on a Linux machine, you want that root access. And that’s obviously a big problem because if somebody’s able to get that level of access on a system, they can do anything to that operating system they’d like.
You’ll notice when Microsoft sends out their security patches every month, if any of those patches are identified as fixing a privilege escalation, those patches are usually set to a very high priority and people like to be able to patch those as quickly as possible. As soon as the bad guys know that there’s an opportunity for a privilege escalation, they’re going to want to try to take advantage of that. So you want to prevent that from occurring by keeping your systems patched immediately.
If the bad guys know that there is now a new vulnerability that allows them to have a privilege escalation, they will take advantage of it. So you want to deploy those patches as quickly as possible. There’s also something called horizontal privilege escalation. That means that one user who normally has access to just their own files might also be able to gain access to another user’s files, but not necessarily have any additional access to the overall system.
Since many privilege escalations occur because of a known vulnerability, it’s important to patch as quickly as possible and that might resolve a number of privilege escalations on your servers. Your antivirus and anti-malware software might also be able to block this privilege escalation, especially if it’s a known vulnerability and there’s a known executable that takes advantage of that vulnerability.
Many modern operating systems use a technology called data execution prevention. This keeps the executable running only in areas where it’s allowed and prevents it from going outside that area and allowing a privilege escalation. Another operating system feature is called address space randomization where the data is put in many different places and it’s randomized every time. This prevents malicious software from being able to take advantage of a buffer overflow because there’s not a known memory address where certain data might always be located.
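As an added example that is not part of the video, here is a Python script that checks whether the two protections just described, data execution prevention (non-executable memory) and address space randomization, are actually active on a Linux host. It assumes Linux with /proc; the function names and the child program that reports malloc's address are my own.

```python
"""Added example (not from the video): verify that DEP/NX and ASLR, the two
mitigations named above, are actually active. Assumes Linux with /proc."""
import subprocess
import sys
from pathlib import Path
from typing import List, Optional

RANDOMIZE_PATH = Path("/proc/sys/kernel/randomize_va_space")  # 0=off, 1=mmap+stack, 2=also brk heap
MAPS_PATH = Path("/proc/self/maps")

# Child program: report the address where the C library's malloc landed.
CHILD = ("import ctypes; "
         "print(ctypes.cast(ctypes.CDLL(None).malloc, ctypes.c_void_p).value)")


def kernel_aslr_setting() -> Optional[int]:
    """Read the kernel knob; None when /proc is unavailable (non-Linux)."""
    try:
        return int(RANDOMIZE_PATH.read_text().strip())
    except (OSError, ValueError):
        return None


def sample_libc_addresses(runs: int = 5) -> List[int]:
    """Spawn fresh interpreters; with ASLR on, libc is mapped at a different
    base each time, so the same symbol shows up at different addresses."""
    addrs = []
    for _ in range(runs):
        proc = subprocess.run([sys.executable, "-c", CHILD],
                              capture_output=True, text=True, check=True)
        addrs.append(int(proc.stdout.strip()))
    return addrs


def randomization_observed(addrs: List[int]) -> bool:
    """True when the symbol was seen at more than one address."""
    return len(set(addrs)) > 1


def writable_executable_regions() -> List[str]:
    """DEP/NX check: mappings that are both writable and executable. A hardened
    process has none, since such pages let injected data run as code."""
    return [line for line in MAPS_PATH.read_text().splitlines()
            if {"w", "x"} <= set(line.split()[1])]


if __name__ == "__main__":
    addrs = sample_libc_addresses()
    print("randomize_va_space:", kernel_aslr_setting(),
          "| ASLR observed:", randomization_observed(addrs),
          "| rwx regions:", len(writable_executable_regions()))
```

If the kernel setting is 0 or the same address comes back on every run, the host is not randomizing and a buffer overflow that assumes a fixed address becomes far more reliable.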