Critical Vulnerability Found in AnyDesk: Attackers Can Gain Admin Privileges

A critical security flaw (CVE-2024-12754) in AnyDesk allows attackers to access system files and elevate privileges, posing a significant risk to Windows users.

Feb 27, 2025 - 13:52
Mar 1, 2025 - 01:10

A critical security vulnerability has been discovered in the popular remote access software AnyDesk. Identified as CVE-2024-12754, this flaw allows attackers to access system files and escalate privileges, potentially leading to full administrative control of the affected system.

Exploitation of File Copy Mechanism
The vulnerability was discovered by security researcher Naor Hodorov and revolves around the file copying mechanism used by the AnyDesk service running on Windows systems. When a new session is initiated, AnyDesk copies the current desktop wallpaper to the C:\Windows\Temp folder. This process allows low-privileged users to read and potentially control certain files within this folder.

Unauthorized File Access and Privilege Escalation
A low-privileged user can manipulate the process by changing the desktop wallpaper and controlling which file gets copied to C:\Windows\Temp. However, the copied file is only accessible by system administrators and NT AUTHORITY\SYSTEM. To bypass this restriction, an attacker can place a file with the same name in the C:\Windows\Temp directory before the copy operation, allowing them to access the copied file.

Additionally, attackers can use the shadow copies that Windows creates (HarddiskVolumeShadowCopy) to access system files. By following these steps, an attacker can elevate local privileges:

  1. Place a file with the target name in C:\Windows\Temp beforehand.
  2. Trigger the copy operation using an oplock (file lock).
  3. Redirect the folder containing the wallpaper to the NT Object Manager Namespace.
  4. Use shadow copies to access SAM, SYSTEM, and SECURITY files.
  5. Gain administrator privileges by utilizing the obtained data.
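A defender-side check for the pattern in step 1 and the copy that follows it, as an added example that is not from the original article or from AnyDesk: it pairs a non-SYSTEM file creation in C:\Windows\Temp with a later SYSTEM write to the same path by the service. The event field names, file names, install path, and the ten-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

TEMP_DIR = "c:\\windows\\temp\\"
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample events, not real telemetry. Field names are assumptions
# modelled on file-creation logging (time, user, writing process, target path).
SAMPLE_EVENTS = [
    {"time": "2025-02-27 10:00:01", "user": "CORP\\alice",
     "image": "C:\\Windows\\explorer.exe",
     "target": "C:\\Windows\\Temp\\example_wallpaper.jpg"},
    {"time": "2025-02-27 10:00:40", "user": SYSTEM_USER,
     "image": "C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe",
     "target": "C:\\Windows\\Temp\\example_wallpaper.jpg"},
    # Service writes a file nobody pre-created: normal behaviour.
    {"time": "2025-02-27 10:05:00", "user": SYSTEM_USER,
     "image": "C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe",
     "target": "C:\\Windows\\Temp\\other.jpg"},
    # Pre-created long before the service write: outside the window.
    {"time": "2025-02-27 08:00:00", "user": "CORP\\bob",
     "image": "C:\\Windows\\explorer.exe",
     "target": "C:\\Windows\\Temp\\old.jpg"},
    {"time": "2025-02-27 11:00:00", "user": SYSTEM_USER,
     "image": "C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe",
     "target": "C:\\Windows\\Temp\\old.jpg"},
]

def find_preplaced_writes(events, service_exe="anydesk.exe",
                          window=timedelta(minutes=10)):
    """Pair a non-SYSTEM file creation in C:\\Windows\\Temp with a later
    SYSTEM write to the same path by the service, within `window`."""
    pending = {}  # lower-cased path -> (time, event) of last non-SYSTEM create
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        path = ev["target"].lower()
        if not path.startswith(TEMP_DIR):
            continue
        ts = datetime.strptime(ev["time"], FMT)
        if ev["user"].upper() != SYSTEM_USER:
            pending[path] = (ts, ev)
        elif ev["image"].lower().endswith("\\" + service_exe) and path in pending:
            pre_ts, pre = pending.pop(path)
            if ts - pre_ts <= window:
                hits.append({"path": ev["target"], "precreated_by": pre["user"],
                             "gap_seconds": int((ts - pre_ts).total_seconds())})
    return hits

if __name__ == "__main__":
    for hit in find_preplaced_writes(SAMPLE_EVENTS):
        print(hit)
```

Any non-SYSTEM account counts as the pre-creator here, so administrative tooling that legitimately stages files in that folder would need to be allowlisted before alerting on the result.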

Disclosure Timeline
The vulnerability was reported to AnyDesk developers on July 24, 2024. After being tracked through Trend Micro’s Zero Day Initiative (ZDI), the flaw was publicly disclosed on December 19, 2024. Details about the CVE and ZDI can be found through the provided link.

To prevent exploitation of this vulnerability, AnyDesk users are advised to follow updates and review their system security settings promptly.
