HomesecurityThe zero-day vulnerability in Windows PsExec gets a free micropatch

The zero-day vulnerability in Windows PsExec gets a free micropatch

A free micropatch that fixes a local privilege scaling (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.


The PsExec tool allows system administrators to run programs on remote systems. The PsExec tool is also integrated and used by corporate tools for remote startup executable to others computers.

This zero-day PsExec is caused by a named pipe pipe hijacking vulnerability (also known as named pipe squatting) that allows intruders to trick PsExec into reopening a maliciously created "named pipeAnd give it to him local system rights.

After the successful exploitation of the error, the threatening agents will be able to perform arbitrary procedures as a Local System that allows them to effectively undertake the use of the machine.

Affects PsExec releases released over the last 14 years

Malware researcher David Wells discovered the vulnerability and made it public on December 9, 2020, 90 days after information Microsoft and failed to correct the error.

While researching vulnerability and creating one proof-of-concept, Wells was able to confirm that zero-day vulnerability affects many versions of Windows from Windows XP to Windows 10.

He also found that it affects many versions of PsExec, starting with v1.72 released in 2006 and ending with PsExec v2.2, the latest version released four years ago, which means that zero-day vulnerability affects all versions of PsExec where were launched for twelve years.

Micropatch is only valid for the latest version of PsExec

Kolsek reports that the free micropatch released today is delivered to memory and does not require restart of systemic.

Applies to the latest 32-bit and 64-bit PsExec versions, but may be ported to older versions of PsExec depending on users, as Kolsek wrote earlier today.

Source of information:

Teo Ehc
Be the limited edition.