And the next stop is – root privileges!

May 23, 2022

And the next stop is – root privileges!

Microsoft has recently discovered several vulnerabilities, collectively referred to as Nimbuspwn. This lethal combination could allow an attacker to elevate privileges to “root” on many Linux desktop endpoints.

Nimbuspwn takes advantage of the D-Bus functionality and two vulnerabilities found in the networkd-dispatcher (“CVE-2022-29799” and “CVE-2022-29800”), which include directory traversal, symlink race, and TOCTTOU race condition issues, that could be leveraged to elevate privileges and deploy malware or carry out other malicious activities.

In this unit, you will deep dive into the technicalities behind these vulnerabilities, examine the networked-dispatcher’s execution flow identified by Microsoft’s researchers, analyze the full attack flow and discuss mitigation procedures to defend your organization.


Past campaigns

Video-Thumbnail (002)

Interview – BCC Grupo Cajamar – ICL

Out of over 200 teams, BCC Grupo Cajamar’s cyber defense team, “Blue’s Boys”, was one of only 13 teams to make it to the finals. […]

Read More
Jester Stealer

Jester Stealer – the clown that will make you cry.

Microsoft’s recently discovered vulnerabilities, collectively referred to as ‘Nimbuspwn’, could allow attackers to elevate privileges to root level privileges (the highest level privileges e.g., administrator) […]

Read More
Cyberbit Ransomware Image_v1

The End of TrickBot

The malware of many tricks and no treats In 2016, the threat group Wizard Spider developed TrickBot – a highly modular banking trojan believed to […]

Read More