Exploit to Hijack Privileged Windows User Session


In a recent proof-of-concept (PoC) exploit released via YouTube, Alexander Korznikov demonstrated a successful session hijacking using Task Manager, service creation, and the command line.

Korznikov, an Israeli security researcher, calls the attack “privilege escalation and session hijacking,” which could allow an attacker to hijack a high-privileged user's session and gain unauthorized access to applications and other sensitive data.


Korznikov successfully tested the flaw on the newest Windows 10, Windows 7, Windows Server 2008, and Windows Server 2012 R2, though another researcher confirmed on Twitter that the flaw works on every Windows version, even if the workstation is locked.

For successful exploitation, an attacker requires physical access to the targeted machine, but the attack can also be performed remotely through a Remote Desktop Protocol (RDP) session on a hacked machine.

While Microsoft doesn’t believe this to be a vulnerability, and some experts argue that a Windows user with admin permissions can do anything, Korznikov explained a simple attack scenario of how an insider could easily misuse this flaw.

