Vulnerability Management, Privileged access management

Windows zero-day vulnerability ‘BlueHammer’ exploit code released

Microsoft March Patch Tuesday roundup

Exploit code has been released for an unpatched Windows privilege escalation flaw, dubbed BlueHammer, which allows attackers to gain SYSTEM or elevated administrator permissions. The vulnerability was published by a security researcher who expressed dissatisfaction with Microsoft's handling of the disclosure process. Since there is no official patch, the flaw is considered a zero-day, according to a recent report by Bleeping Computer.

The BlueHammer vulnerability is a local privilege escalation (LPE) flaw that combines a time-of-check to time-of-use (TOCTOU) vulnerability with path confusion. It grants a local attacker access to the Security Account Manager (SAM) database, which stores password hashes. This access can be leveraged to escalate privileges to SYSTEM, enabling complete machine compromise.

The researcher noted that the proof-of-concept code may contain bugs and might not work reliably on all systems, including Windows Server where it may only grant elevated administrator access.

Source: Bleeping Computer

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds