Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling

Article note: The windows one is a straightforward "wrong default permissions" thing...but that Linux exploit really is something. A valid 1GB path name is like a million inodes on most FSes (like 5GB of junk), so it wouldn't be small or quiet, and it's just to get one semi-controlled out-of-bounds write to break the EBPF security model and run an exploit sequence from there.

Enlarge

The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.

As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities. One vulnerability allows the attacker access to low-privileged OS resources, where code can be executed or sensitive data can be read. A second vulnerability elevates that code execution or file access to OS resources reserved for password storage or other sensitive operations. The value of so-called local privilege escalation vulnerabilities, accordingly, has increased in recent years.

Breaking Windows

The Windows vulnerability came to light by accident on Monday when a researcher observed what he believed was a coding regression in a beta version of the upcoming Windows 11. The researcher found that the contents of the security account manager—the database that stores user accounts and security descriptors for users on the local computer—could be read by users with limited system privileges.