HomesecurityThe zero-day vulnerability in Windows PsExec gets a free micropatch

The zero-day vulnerability in Windows PsExec gets a free micropatch

A free micropatch that fixes a local privilege scaling (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.

PsExec

The PsExec tool allows system administrators to run programs on remote systems. The PsExec tool is also integrated and used by corporate tools for remote startup executable to others computers.

advertisement

This zero-day PsExec is caused by a named pipe pipe hijacking vulnerability (also known as named pipe squatting) that allows intruders to trick PsExec into reopening a maliciously created "named pipeAnd give it to him local system rights.

After the successful exploitation of the error, the threatening agents will be able to perform arbitrary procedures as a Local System that allows them to effectively undertake the use of the machine.

YouTube

#mrbitcoin #konstantopoulou The Greek lawyer of the Russian technician - guru of cryptocurrencies will analyze the procedural situation in which the case of Mr. Bitcoin. In an exclusive interview with SecNews, Zoe Konstantopoulou answers all our questions regarding the case of Alexander Vinnik. Zoe Konstantopoulou revealed evidence of fire that testifies to the secret cooperation of the Greek Ministry of Justice with the Ministry of Justice of the United States of America. The reason for the existence of the secret agreements between Greece and the USA suggests, according to what was mentioned in the Press Conference, the urgent need of the United States to get involved in court issues in order to circumvent Mr Bitcoin's rights. One of the main reasons for the US obsession with the case is because they demand the extradition of Alexander Vinnik (America Vinnik) to America in order - according to Mrs. Konstantopoulou - to be used as a "weapon" in their hands against Russia. They seek to use it in the long-running cyber war between the United States and Russia. _______________________________________________________________________________ Follow Zoe Konstantopoulou: Website: https://www.zoikonstantopoulou.gr/ Facebook: https://www.facebook.com/zoe.konstantopoulou.official Follow us: Facebook: https://www.facebook.com/SecNews Instagram: https://www.instagram.com/secnews.gr Twitter: https://twitter.com/Secnews_GR

#mrbitcoin #konstantopoulou

The Greek lawyer of the Russian technician - guru of cryptocurrencies will analyze the procedural situation in which the case of Mr. Bitcoin.

In an exclusive interview with SecNews, Zoe Konstantopoulou answers all our questions regarding the case of Alexander Vinnik.

Zoe Konstantopoulou revealed evidence of fire that testifies to the secret cooperation of the Greek Ministry of Justice with the Ministry of Justice of the United States of America.

The reason for the existence of the secret agreements between Greece and the USA suggests, according to what was mentioned in the Press Conference, the urgent need of the United States to get involved in court issues in order to circumvent Mr Bitcoin's rights. One of the main reasons for the US obsession with the case is because they demand the extradition of Alexander Vinnik (America Vinnik) to America in order - according to Mrs. Konstantopoulou - to be used as a "weapon" in their hands against Russia. They seek to use it in the long-running cyber war between the United States and Russia.
___________________________________________________________________________
Follow Zoe Konstantopoulou:

Website: https://www.zoikonstantopoulou.gr/
Facebook: https://www.facebook.com/zoe.konstantopoulou.official

Follow us:

Facebook: https://www.facebook.com/SecNews
Instagram: https://www.instagram.com/secnews.gr
Twitter: https://twitter.com/Secnews_GR

1

YouTube Video UExnenByc0EwVkUxcTNYbHVuamNYUEY1SnppbVk2M19DVi5GM0Q3M0MzMzY5NTJFNTdE

Interview - Zoe Konstantopoulou for Alexander Vinnik

SecNewsTV July 29, 6:51 am

Affects PsExec releases released over the last 14 years

Malware researcher David Wells discovered the vulnerability and made it public on December 9, 2020, 90 days after information Microsoft and failed to correct the error.

While researching vulnerability and creating one proof-of-concept, Wells was able to confirm that zero-day vulnerability affects many versions of Windows from Windows XP to Windows 10.

He also found that it affects many versions of PsExec, starting with v1.72 released in 2006 and ending with PsExec v2.2, the latest version released four years ago, which means that zero-day vulnerability affects all versions of PsExec where were launched for twelve years.

Micropatch is only valid for the latest version of PsExec

Kolsek reports that the free micropatch released today is delivered to memory and does not require restart of systemic.

Applies to the latest 32-bit and 64-bit PsExec versions, but may be ported to older versions of PsExec depending on users, as Kolsek wrote earlier today.

Source of information: bleepingcomputer.com

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.
spot_img

LIVE NEWS