Bugs in Windows and Linux Allow Gaining SYSTEM and ROOT Permissions

Bugs in Windows and Linux Allow Gaining SYSTEM and ROOT Permissions

There is no perfect operating system. The complexity of modern software means that any mistake when programming can trigger a vulnerability that endangers the safety of users. And, on this occasion, the “mistake” has been discovered in two operating systems at the same time, Windows and Linux, which have been affected by two very similar flaws that can allow any hacker to get the highest level of privileges in the system. PC.

Security flaw in Windows 10 and Windows 11

Microsoft has confirmed just a few hours ago of a new security flaw that affects all versions of its Windows 10 operating system released since 1809 (that is, it affects 1809, 1903, 1909, 2004, 20H2 and 21H1). In addition, it is a bug that was also present in the latest builds of Windows 11 .

This vulnerability, registered as CVE-2021-36934 , allows any user, without administrator permissions, to access critical files on the SAM, SYSTEM and SECURITY system. In this way, any user could get the highest level of privileges within the operating system: SYSTEM.

The files in question affected by this vulnerability are found in C: / Windows / System32 / config.

Vulnerabilidad Windows SAM

Once the attacker managed to exploit the vulnerability in a system, they could be able to execute random code in memory. In this way you could install programs, view, change or delete installed programs, and even create new users with administrative permissions.

At the moment there is no solution available to protect us from this serious security breach. Microsoft is already studying the vulnerability and will release a patch, surely, with the new Windows security patches, on August 10. In the meantime, they recommend limiting access to these files and deleting any Volume Shadow Copies that may have been created from them.

As if that were not enough, Windows is still vulnerable to the Print Spooler failure. Security is not being the protagonist this 2021 within the Microsoft ecosystem.

Sequoia: the Linux security flaw similar to Windows

Interestingly, at the same time, Linux has been affected by a security flaw much like Windows. This vulnerability has been present in the distribution longer than that of Windows, since 2014, and can allow any hacker, or malware, to gain ROOT privileges on the system.

This new vulnerability has been baptized as Sequoia and has been registered as CVE-2021-33909 . The vulnerability affects the default installation of the main distributions on the market, such as Ubuntu (from 20.04 to 21.04), Debian 11, Fedora 34 and even Red Hat Enterprise Linux 6, 7 and 8. Being a bug that has been present since 2014 In the Linux kernel, many older versions of the distros, which are not supported, will also be affected.

The same researchers who found this vulnerability have registered another one for Linux, CVE-2021-33910 . This time it is a denial of service failure that can block any program or service, and even cause a Kernel Panic, in the systems.

Those responsible for the main distros on the market are already working to launch a patch that protects users as soon as possible. However, at the moment we do not know when it will be available. It should not take long, and updating the Kernel to this new version our Linux system should be secure again.