Exploit code has been released for an unpatched Windows privilege escalation flaw, dubbed BlueHammer, which allows attackers to gain SYSTEM or elevated administrator permissions. The vulnerability was published by a security researcher who expressed dissatisfaction with Microsoft's handling of the disclosure process. Since there is no official patch, the flaw is considered a zero-day, according to a recent report by Bleeping Computer.The BlueHammer vulnerability is a local privilege escalation (LPE) flaw that combines a time-of-check to time-of-use (TOCTOU) vulnerability with path confusion. It grants a local attacker access to the Security Account Manager (SAM) database, which stores password hashes. This access can be leveraged to escalate privileges to SYSTEM, enabling complete machine compromise.The researcher noted that the proof-of-concept code may contain bugs and might not work reliably on all systems, including Windows Server where it may only grant elevated administrator access.Source: Bleeping Computer
Vulnerability Management, Privileged access management
Windows zero-day vulnerability ‘BlueHammer’ exploit code released

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



