top | item 39542743

(no title)

kokx | 2 years ago

Usually that CFO doesn't have admin privileges. However, the exe he ran could very easily make use of a privilege escalation exploit on a service that does run with admin privileges. An exploit that is a buffer overflow or otherwise an exploit that is possible due to memory safety issues.

Or that exe tries to connect to other services in the network to exploit a buffer overflow on another system. An example of such an exploit was EternalBlue.

So yes, you're probably right that from a purely external perspective, attackers are unlikely to gain initial access using exploits targeting memory safety. However, once they are in, there are all sorts of memory safety bugs that could be used.

discuss

No comments yet.