ClearConfig
How to guides & support
ClearConfig
Blog

Exploit to Hijack Privileged Windows User Session

exploitreveal
by |Published |2 Comments

In a recent PoC Exploit released via YouTube, Alexander Korznikov demonstrated a successful hijacking (using Task manager, service creation, as well as command line), along with Proof-of-Concept exploit.

Korznikov, an Israeli security researcher calls the attack “privilege escalation and session hijacking,” which could allow an attacker to hijack high-privileged users session and gain unauthorized access to applications and other sensitive data.

https://www.youtube.com/watch?v=oPk5off3yUg

Korznikov successfully tested the flaw on the newest Windows 10, Windows 7, Windows Server 2008, and Windows Server 2012 R2, though another researcher confirmed on twitter that the flaw works on every Windows version, even if the workstation is locked.

For successful exploitation, an attacker requires physical access to the targeted machine, but using (RDP) Remote Desktop Protocol session on a hacked machine, the attack can be performed remotely as well.

While Microsoft doesn’t believe this to be a vulnerability, some experts argue that a Windows user with admin permissions can do anything, Korznikov explained a simple attack scenario of how an insider could easily misuse this flaw.

   “Some bank employee have access to the billing system and its credentials to log in. One day, he comes to work, logging into the billing system and start to work. At lunchtime, he locks his workstation and goes out for lunch. Meanwhile, the system administrator can use this exploit to access employee’s workstation.”

“According to the bank’s policy, administrator’s account should not have access to the billing system, but with a couple of built-in commands in windows, this system administrator will hijack employee’s desktop which he left locked. From now, a sysadmin can perform malicious actions in billing system as billing employee account.”

The exploit has been known to Microsoft for the last six years, so it’s likely the company doesn’t consider it a security flaw as it requires local admin rights on the computer, and deems this is how its operating system is supposed to behave.

You may also like

Published

Apple Ditches Intel CPU’s in 2020

widely regarded as a lag of performance increases in Intel CPU designs as other manufacturers such as AMD, ARM and Samsung Co have been closing the gap in the PC CPU industry

DDOSing
Published

Is Google DDOSing your home network?

1 Comment

Recent postings on Google support forums indicate a major flaw with Google devices, a flaw which may, in fact, be the cause for not only you’re Wireless woe’s but also Wired Devices on your Local Network.

Published

Facebook Exploit Found Exposes Admins of All Pages

Facebook Page admins are publicly displayed only if admins have chosen to feature their profiles.

%d bloggers like this: