Source URL: https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-softmaker-office-freeoffice/
Source: Hacker News
Title: Local Privilege Escalation via MSI Installer
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The text details a critical local privilege escalation vulnerability (CVE-2023-7270) in SoftMaker Office and FreeOffice installations that can be exploited by low-privileged users. It highlights the need for immediate security patching and a comprehensive security review by professionals, underscoring the importance of addressing software vulnerabilities in office productivity tools.
Detailed Description:
– **Vulnerability Overview**:
– The document outlines a local privilege escalation vulnerability (CVE-2023-7270) affecting the MSI installer for SoftMaker Office and FreeOffice.
– Exploitation allows low-privileged users to execute commands with SYSTEM privileges via a visible console application (conhost.exe) during the repair operation of the software installer.
– **Exploit Conditions**:
– Specific browser settings and actions (using Chrome or Firefox, while ensuring Edge or Internet Explorer are not set as the default) must be met for successful exploitation.
– The installer must be accessed via the local file system for the vulnerability to be triggered.
– **Proof of Concept**:
– The document details a method by which an attacker can invoke the installer, manipulate file locks, and escalate privileges through specific executable actions (7z.exe and syspin.exe).
– It emphasizes that certain conditions need to be fulfilled to gain elevated command prompt access, making the instructions quite technical.
– **Vulnerable Versions**:
– The tested versions of the software are specified, indicating which releases are vulnerable and emphasizing that older versions, such as FreeOffice 2021, will not receive any fixes, which increases risk.
– **Mitigation**:
– The vendor has provided updates (revision 1214 for SoftMaker Office 2024 and 1215 for FreeOffice 2024) available for immediate download, urging users to apply these security patches promptly.
– It suggests that users contact SEC Consult for professional assessments and improvements in cybersecurity practices.
**Key Implications for Security Professionals**:
– Immediate patching of vulnerabilities in productivity software is crucial to prevent privilege escalation attacks that compromise system integrity.
– Organizations should conduct regular security reviews and vulnerability assessments on all installed software, particularly high-risk tools used widely across the organization.
– Continuous monitoring for updates from software vendors and adherence to best practices in configuration management is essential in mitigating potential risks.
– Awareness of exploit methodologies is important for security teams to prepare and defend against potential attacks.