Privilege Escalation – SY0-601 CompTIA Security+ : 1.3

Some attacks can use an existing user account to gain elevated access. In this video, you’ll learn about privilege escalation vulnerabilities and how to prevent them.

<< Previous Video: Cryptographic Attacks Next: Cross-site Scripting >>

 

 


We often worry about an attacker getting administrative login rights or some type of route log in to gain full access to a system, but often the attacker is using a normal users log in to somehow gain elevated rights on the system. This is often done through a privilege escalation where a vulnerability or some type of design flaw is allowing a normal user to suddenly gain extended capabilities on that system. Very often this higher level access is the administrative or the root account. That’s why it’s so important to patch and make sure there are no vulnerabilities on a system that would allow simply any user logging in to gain full access of the operating system.

We often think of privilege escalation as a higher level account, but in some cases it’s a horizontal privilege escalation. This is where one user is able to gain access to resources that would normally only be available to another user of the same level. It doesn’t have to be an administrator account or a root account. Simply user A is gaining access to files and resources for user B.

Privilege escalation vulnerabilities are usually made very aware. They usually have a higher priority associated with them, so it’s very important that we patch these vulnerabilities quickly. It’s very common for our antivirus and anti-malware software to also be aware of these vulnerabilities and stop any malicious software that may try to take advantage of them. The operating system itself may have safeguards in place to prevent someone from taking advantage of a privileged escalation.

One of these safeguards is called data execution prevention it’s a way to only allow applications to run in certain areas of memory where that particular function is allowed. Vulnerabilities that try to run an application from the data section of memory would be blocked using data execution prevention. And many operating systems will randomize where information is stored in memory so that if attacker finds a way to take advantage of a memory address on one system, they would not be able to duplicate that on another operating system.

Here’s a practical example of a privileged escalation. This was a CBE 2020-1530, and it’s titled the Windows Remote Access Elevation of Privileged Vulnerability. It was released on August of 2020. This is specific to Microsoft Windows and the Windows Remote access application, which runs on server 2008, 2012, 2016, 2019, Windows 7, Windows 8.1, and Windows 10.

You can see that this particular vulnerability is one that affects many different operating systems going back a number of years. If the victim’s machine had this remote access vulnerability, the attacker would only need to run a single program and they would have elevated access on that system. With a vulnerability that has this scope associated with it, you can see why it’s so important to always make sure you’re up to date that you have the latest security patches on your operating system.