Get a Pentest and security assessment of your IT network.

Cyber Security

Windows PsExec zero-day vulnerability gets a free micropatch

A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft’s Windows PsExec management tool is now available through the 0patch platform. The zero-day is caused by a named pipe hijacking (also known as named pipe squatting) vulnerability which allows attackers to trick PsExec into re-opening a maliciously created named pipe and giving it maliciously giving it Local System permissions. A researcher discovered the vulnerability and publicly disclosed it on December 9th, 2020, 90 days after Microsoft failed to patch the bug.

Source: https://www.bleepingcomputer.com/news/security/windows-psexec-zero-day-vulnerability-gets-a-free-micropatch/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation