Summary
- High-severity Windows kernel race condition can let low-privilege local users gain full admin rights.
- Exploit requires local access (compromised account or malware); not remotely exploitable.
- Microsoft released patches — update Windows immediately to block privilege escalation.
It's always bad when a new security issue pops up, and it's even worse when it affects multiple builds across multiple versions of an operating system. A lot of Windows users are being affected by a brand new security flaw, and this one looks pretty bad.
The Indian Computer Emergency Response Team (CERT-In), the national nodal agency in India for responding to computer security incidents, has released a detailed advisory regarding a flaw that affects a broad spectrum of Windows versions, including the most recent builds of Windows 11 and Windows Server. The agency has classified the issue as "high severity," and from what we can see, it's pretty bad.
According to the technical details provided by CERT-In, the flaw is at the kernel level and is caused by a "race condition." In case you don't know what that is, a race condition occurs when a system performs two or more operations at the same time even though they only produce the correct result when they run in a particular sequence. When the system fails to manage these simultaneous requests for a shared resource, it creates a temporary gap in security logic. The Windows kernel seemingly fails to properly synchronize processes. And if an attacker can manipulate this confusion, they can bypass the security controls that usually segregate standard user activities from critical system functions.
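The "temporary gap in security logic" is easiest to see in a check-then-use pattern. The C sketch below is an added illustration, not code from CERT-In, Microsoft, or the affected Windows component (the advisory details quoted here do not describe the actual code path); the struct, function names and privilege levels are constructed, and the concurrent operation is modelled as a callback so the interleaving is deterministic.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model: a request whose level field sits in memory that another
   thread can rewrite while privileged code is still working on it. */
enum { LEVEL_USER = 0, LEVEL_ADMIN = 1, DENIED = -1 };
struct request { volatile int level; };

/* Stands in for whatever the scheduler runs between two steps of our code. */
typedef void (*interleave_fn)(struct request *);

static const int caller_max_level = LEVEL_USER; /* what the caller may ask for */

/* Racy: the value is checked, then read from shared memory a second time. */
int grant_racy(struct request *req, interleave_fn other_thread) {
    if (req->level > caller_max_level) return DENIED; /* check */
    if (other_thread) other_thread(req);              /* the unguarded window */
    return req->level;                                /* use: second read */
}

/* Hardened: read once into a private copy, so check and use see one value.
   A lock held across check and use closes the same window. */
int grant_safe(struct request *req, interleave_fn other_thread) {
    int level = req->level;                           /* single read */
    if (other_thread) other_thread(req);              /* change comes too late */
    if (level > caller_max_level) return DENIED;
    return level;
}

/* The concurrent operation: rewrites the request after it was validated. */
void flip_to_admin(struct request *req) { req->level = LEVEL_ADMIN; }

int main(void) {
    struct request a = { LEVEL_USER }, b = { LEVEL_USER };
    printf("racy  grants level %d\n", grant_racy(&a, flip_to_admin));
    printf("fixed grants level %d\n", grant_safe(&b, flip_to_admin));
    return 0;
}
```
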
To exploit this, a threat actor requires low-privilege local access to the target system, so this isn't something that can be exploited remotely. This could be achieved through a compromised guest account, a standard employee login, or even malware that has already infected the machine with low-level permissions. But once the attacker triggers the race condition in the kernel, they can elevate their privileges from a restricted user to a full administrator. From there, they can manipulate or delete critical data, install persistent malware, ransomware, or keyloggers, or create new administrator accounts to maintain access.
Microsoft has acknowledged the vulnerability and has successfully deployed security patches to address the flaw, so make sure your PC is fully updated.
- Adenman