Microsoft patches privilege escalation flaw exploited since 2023
The ESET researchers said the exploit was first seen in the wild in 2023, when it was deployed on computers through a backdoor program dubbed PipeMagic. First discovered in 2022, PipeMagic is plugin-based malware that was initially used against organizations in Asia and, last year, against entities from Saudi Arabia. In that latest campaign, the malware was distributed through a fake ChatGPT application written in Rust.
“The exploit targets Windows 8.1 and Server 2012 R2,” the ESET researchers said on X. “The vulnerability affects OSes released before Windows 10 build 1809, including still supported Windows Server 2016. It does not affect more recent Windows OSes such as Windows 11.”
Although privilege escalation flaws are not remotely exploitable, they are valuable to attackers who manage to trick users into executing malware, because they allow a full system takeover, in this case with SYSTEM privileges.