URL: https://securityonline.info/poc-released-for-windows-sysinternals-sysmon-privilege-escalation-cve-2023-29343-bug/
POC RELEASED FOR WINDOWS SYSINTERNALS SYSMON PRIVILEGE ESCALATION (CVE-2023-29343) BUG

by do son · June 18, 2023




In the dynamic world of cybersecurity, threats are constantly evolving,
necessitating vigilance from system administrators and everyday users alike. A
proof-of-concept (PoC) exploit for the Microsoft Windows Sysinternals Sysmon
privilege escalation flaw, tracked as CVE-2023-29343, has been publicly released
by security researcher Filip Dragović. This Elevation of Privilege vulnerability
could grant an authenticated, low-privileged attacker SYSTEM privileges, the
highest level of authority in the Windows environment.

The bug at the heart of this issue involves the Sysmon tool, a Windows system
service and device driver that monitors and logs system activity to the Windows
event log. As Dragović has detailed, the issue lies in how Sysmon validates
access and ownership of its archive directory.

After the previous security patch, Sysmon was changed to check whether the
archive directory exists and, if so, to confirm that it is owned by SYSTEM and
that access is granted exclusively to SYSTEM. Only when both conditions are met
does Sysmon proceed to write or delete files within this directory.

Image: Filip Dragović

As Dragović noted, a low-privilege user cannot change the ownership of a file or
directory. Bypassing the check therefore required finding a directory that is
already owned by SYSTEM but grants full access, or at least WRITE_DAC, DELETE,
and FILE_WRITE_ATTRIBUTES, to a low-privilege user or to a group such a user
belongs to.

Microsoft initially addressed the bug by releasing security updates on May 9th,
urging all customers to immediately apply these patches to prevent potential
exploitation attempts. Dragović’s proof-of-concept, however, highlights the
continued need for system maintenance and security vigilance.

With the PoC exploit for CVE-2023-29343 now public, it is likely that threat
actors will attempt to use this vulnerability as part of intrusions involving
data theft, ransomware deployment, or other forms of sabotage. Adapted versions
of the exploit could target any unpatched Windows system running a vulnerable
Sysmon build, making this a pressing concern for businesses and individual users
who have not yet applied the available patches.

Security vulnerabilities such as CVE-2023-29343 underscore the importance of
diligent system upkeep and prompt application of security patches. To avoid
falling victim to this bug, users should ensure their systems are updated with
the latest patches and have strong security measures in place.
