*Warning CVE-2021-26868 Publicly Available Exploit Code* Our Counter Cyber Intelligence (CCI) Automation has just ingested exploit code that targets a Windows Graphics Component and injects shellcode into winlogon.exe, resulting in SYSTEM level privilege escalation. Below, we test the base exploit (injects cmd.exe) and then modify it to inject a Covenant C2 implant with SYSTEM-level integrity. Microsoft has released a patch for this vulnerability Mar. 9th and can be found in the follow-on resources below.
Exploit: https://github.com/mavillon/CVE-2021-26868/blob/main/CVE-2021-26868/exp/exp.cpp MS Security Guidance: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26868 #infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam Comments are closed.
|