
PsExec.exe Vulnerability


Sampei.Nihira


For more info see the article below:

 

https://www.bleepingcomputer.com/news/security/windows-psexec-zero-day-vulnerability-gets-a-free-micropatch/

Quote

....While researching the vulnerability and creating a proof-of-concept, Wells was able to confirm that the zero-day affects multiple Windows versions from Windows XP up to Windows 10......

Just today PsExec.exe v.2.21 is out:

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

After downloading the tool I discovered that the version of PsExec.exe is v.2.30.

Although the system requirements specify Windows Vista onwards, through CFF Explorer I discovered that in:


Quote

 

Optional Header:

Major operating system version = 5

Major subsystem version = 5

 

so it can also run on Windows XP.

I use PsExec on my Windows XP PC with the command:

psexec -l -d

to run New Moon 28 and MailNews with limited-user privileges.

I have installed the IsAdmin extension in my browser, New Moon 28, and I have verified that the tool works.

Probably, considering that the new version of PsExec.exe was released very quickly after the vulnerability was made public, this new version fixes the above-specified vulnerability:

Quote

....He also found that it impacts multiple PsExec versions, starting with v1.72 released back in 2006 and ending with PsExec v2.2.....

 

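The same Optional Header check done with CFF Explorer in the post above, as an added example that is not part of the original thread: a small Python parser that reads the operating system and subsystem version fields straight from the file. The sample bytes are constructed (not a real PsExec binary) and the function names are hypothetical.

```python
import struct

def pe_min_versions(data: bytes) -> dict:
    """Read the minimum OS and subsystem versions from a PE optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # 20-byte COFF file header
    opt = coff + 20                          # optional header starts here
    if opt + 52 > len(data):
        raise ValueError("optional header truncated")
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    (magic,) = struct.unpack_from("<H", data, opt)
    if opt_size < 52 or magic not in (0x10B, 0x20B):
        raise ValueError("unsupported optional header")
    # Offsets 40..51 hold the version fields in both PE32 and PE32+.
    os_maj, os_min, _, _, sub_maj, sub_min = struct.unpack_from("<6H", data, opt + 40)
    return {"os": (os_maj, os_min), "subsystem": (sub_maj, sub_min)}

def header_permits(versions: dict, target: tuple) -> bool:
    """True if neither header field demands a newer Windows than `target`.
    This is only the header gate; missing API imports can still stop a run."""
    return versions["os"] <= target and versions["subsystem"] <= target

def constructed_sample(os_ver=(5, 0), sub_ver=(5, 0)) -> bytes:
    """Constructed header-only PE32 image, not a real PsExec binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<6H", opt, 40, *os_ver, 0, 0, *sub_ver)
    return dos + b"PE\0\0" + coff + bytes(opt)

WINDOWS_XP, WINDOWS_VISTA = (5, 1), (6, 0)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    v = pe_min_versions(data)
    print(v, "XP permitted by header:", header_permits(v, WINDOWS_XP))
```

Run it with the path to a downloaded executable as the only argument; with no argument it parses the constructed sample.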


1) PAExec does not encrypt the data:

 

https://github.com/poweradminllc/PAExec/issues/31

Even the officially supported version for XP (v. 2.11) encrypts data.

2) Development seems to have stopped many years ago .... too many.

It would be interesting to find out which version of PsExec.exe is embedded in the latest version of PAExec 1.28.

3) It probably suffers from the same vulnerability discovered recently.

 

 


 

I think I'll sleep well as always tonight.

Quote

Q: Is this vulnerability a big deal?

 

A: Depends on your threat model. This vulnerability allows an attacker who can already run code on your remote computer as a non-admin (e.g., by logging in as a regular Terminal Server user, or establishing an RDP session as a domain user, or breaking into a vulnerable unprivileged service running on the remote computer) to elevate their privileges to Local System and completely take over the machine as soon as anyone uses PsExec against that machine. For home users and small businesses this is probably not a high-priority threat, while for large organizations it may be.

from:

https://blog.0patch.com/2021/01/local-privilege-escalation-0day-in.html

 

jaclaz
