Product: Atera remote monitoring and management software
Vulnerability Identifiers: CVE-2023-26077 and CVE-2023-26078
Vulnerability Details: The zero-day vulnerabilities in the Windows Installers for the Atera remote monitoring and management software could lead to privilege escalation attacks. The flaws were discovered by Mandiant on February 28, 2023. Both vulnerabilities involve the MSI installer’s repair functionality and can allow operations to be triggered from an NT AUTHORITY\SYSTEM context even if initiated by a standard user. Successful exploitation of these vulnerabilities could result in the execution of arbitrary code with elevated privileges.

CVE-2023-26077: This vulnerability allows for a local privilege escalation attack through DLL hijacking. Attackers can exploit this flaw to obtain a Command Prompt as the NT AUTHORITY\SYSTEM user.

CVE-2023-26078: This vulnerability involves the execution of system commands that trigger the Windows Console Host (conhost.exe) as a child process. This can open a command window, and if executed with elevated privileges, it can be exploited by an attacker to perform a local privilege escalation attack.

Impact: If these vulnerabilities are exploited successfully, an attacker could gain elevated privileges on the compromised system, potentially leading to further compromise or unauthorized access.
Remediation: Atera released versions 1.8.3.7 and 1.8.4.9 on April 17, 2023, and June 26, 2023, respectively, to address these vulnerabilities. It is crucial for users of the Atera software to update to one of these remediated versions to protect their systems from potential privilege escalation attacks.
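
A triage check for the CVE-2023-26078 behaviour described under Vulnerability Details, added here as an example and not taken from Atera or Mandiant: it flags conhost.exe running as NT AUTHORITY\SYSTEM with msiexec.exe in its process ancestry. The record schema, the sample events and the function names are assumptions constructed for illustration.

```python
SYSTEM = r"NT AUTHORITY\SYSTEM"

# Constructed process-creation records. The field names are an assumed,
# simplified schema; map them from an EDR or Sysmon Event ID 1 export.
EVENTS = [
    {"pid": 600, "ppid": 4, "image": r"C:\Windows\System32\services.exe", "user": SYSTEM},
    # Installer service and its child server process during an MSI repair.
    {"pid": 1200, "ppid": 600, "image": r"C:\Windows\System32\msiexec.exe", "user": SYSTEM},
    {"pid": 1300, "ppid": 1200, "image": r"C:\Windows\System32\msiexec.exe", "user": SYSTEM},
    {"pid": 1400, "ppid": 1300, "image": r"C:\Windows\System32\cmd.exe", "user": SYSTEM},
    {"pid": 1500, "ppid": 1400, "image": r"C:\Windows\System32\conhost.exe", "user": SYSTEM},
    # Console opened by a standard user: not SYSTEM, no installer ancestor.
    {"pid": 3000, "ppid": 4, "image": r"C:\Windows\explorer.exe", "user": r"CORP\alice"},
    {"pid": 3100, "ppid": 3000, "image": r"C:\Windows\System32\cmd.exe", "user": r"CORP\alice"},
    {"pid": 3200, "ppid": 3100, "image": r"C:\Windows\System32\conhost.exe", "user": r"CORP\alice"},
    # SYSTEM console with no msiexec.exe ancestor (e.g. a service task).
    {"pid": 700, "ppid": 600, "image": r"C:\Windows\System32\svchost.exe", "user": SYSTEM},
    {"pid": 710, "ppid": 700, "image": r"C:\Windows\System32\cmd.exe", "user": SYSTEM},
    {"pid": 720, "ppid": 710, "image": r"C:\Windows\System32\conhost.exe", "user": SYSTEM},
]

def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def ancestors(event, by_pid):
    """Parent chain, nearest first. Stops at unknown parents and PID loops."""
    chain, seen = [], {event["pid"]}
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:
        chain.append(parent)
        seen.add(parent["pid"])
        parent = by_pid.get(parent["ppid"])
    return chain

def find_system_console_under_msi(events):
    """Return conhost.exe instances running as SYSTEM below msiexec.exe."""
    # PIDs are reused over time; feed this one host and a short time window.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e["image"]) != "conhost.exe" or e["user"].upper() != SYSTEM:
            continue
        chain = [image_name(a["image"]) for a in ancestors(e, by_pid)]
        if "msiexec.exe" in chain:
            hits.append({"conhost_pid": e["pid"], "chain": chain})
    return hits
```

A hit is a lead for review rather than proof of exploitation, since other installers can also start console programs as SYSTEM; correlate it with the installed Atera agent version and with which account started the repair.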
Reference:
- Security researcher Andrew Oliveau’s analysis of CVE-2023-26077 and CVE-2023-26078
- Kaspersky’s report on the privilege escalation flaw in Windows (CVE-2023-23397) exploited in the wild