SysTrack LsiAgent Installer Flaw Results in Local Privilege Escalation

Summary: Mandiant’s analysis highlights significant security risks posed by misconfigured Custom Actions in software, which can enable privilege escalation to NT AUTHORITY\SYSTEM. Developers are urged to adhere to secure coding practices, particularly in managing permissions and file operations, to mitigate these vulnerabilities. The report also emphasizes the need for organizations to audit their endpoints and monitor for potential privilege escalation attempts.

Affected: Mandiant, Lakeside Software

Key points:

  • Misconfigured Custom Actions can be easily exploited, posing severe security threats.
  • Attacks can occur through low-privilege file manipulations in user directories like %TEMP%.
  • Companies are advised to audit endpoint security and monitor administrative shell activities.
  • Privilege escalation can occur via compromised integrity on a single system, affecting the broader network.
  • Mandiant offers endpoint security assessments to identify vulnerabilities from adversary perspectives.
  • CVE-2023-6080 was reported on June 13, 2024, and confirmed fixed by Lakeside Software by August 7, 2024.
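
One way to act on the monitoring advice above, as an added example that is not from the Mandiant report or Lakeside Software: it triages process-creation events for SYSTEM processes launched by msiexec.exe that are shells or that reference a per-user temp directory. The Sysmon-style field names, the shell list and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: shells worth reviewing when an installer starts them as SYSTEM.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
# Per-user temp directories are writable by the low-privilege profile owner.
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def triage(event):
    """Return the reasons a process-creation event deserves review, or []."""
    if event["User"].upper() != SYSTEM_USER:
        return []
    if base(event["ParentImage"]) != "msiexec.exe":
        return []
    reasons = []
    if base(event["Image"]) in SHELLS:
        reasons.append("shell spawned as SYSTEM by msiexec.exe")
    if USER_TEMP.search(event["Image"]) or USER_TEMP.search(event["CommandLine"]):
        reasons.append("SYSTEM process uses a user-writable temp path")
    return reasons


def scan(events):
    """Pair each flagged image path with its list of reasons."""
    return [(e["Image"], r) for e in events if (r := triage(e))]


MSIEXEC = r"C:\Windows\System32\msiexec.exe"
TEMP_EXE = r"C:\Users\alice\AppData\Local\Temp\helper.exe"
# Constructed sample events (not taken from the report or from a real host).
EVENTS = [
    {"User": SYSTEM_USER, "ParentImage": MSIEXEC,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"User": SYSTEM_USER, "ParentImage": MSIEXEC,
     "Image": TEMP_EXE, "CommandLine": TEMP_EXE + " /quiet"},
    {"User": "CORP\\alice", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"User": SYSTEM_USER, "ParentImage": MSIEXEC,
     "Image": r"C:\Program Files\Example\svc.exe", "CommandLine": "svc.exe /install"},
]

if __name__ == "__main__":
    for image, reasons in scan(EVENTS):
        print(image, "->", "; ".join(reasons))
```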

Source: https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third-party-installer-abuse
