Windows Privilege Escalation

• Zero-Day Vulnerability of Software and Operating Systems: The security flaws in software are most times unknown to the vendor and are exploited by attackers before a patch is available.
• Weak Credentials: Guessing or cracking weak passwords can provide unwarranted access.
• Phishing and Social Engineering: Tricking users into clicking malicious links or downloading malware can lead to privilege escalation.
• Misconfigured Systems: Improperly configured systems with open ports or weak permissions can be exploited.
• DLL Hijacking: Malicious Dynamic Link Libraries are fed into higher privileged processes, allowing them to run with the process privileges.
• Exploiting Scheduled or Startup Program Tasks: Malicious actors create or modify a scheduled task or startup program that runs with elevated privileges, thereby taking control when the program starts executing.

• Strong Credentials: Create complex, unique passwords for all accounts and enable Multi-Factor Authentication (MFA).
• Credential Rotation: Routinely change your credentials. We recommend at least every 60 days.
• Regular Updates and Backups: Keep operating systems, applications, and software up-to-date with the latest patches. Take regular offsite or offline backups and keep them for extended durations.
• User Education: Train staff to recognise phishing attempts and avoid clicking suspicious links.
• Access Controls: Implement strict access controls, granting only necessary permissions to users.
• Security Software: Use reputable antivirus and anti-malware software with SIEM monitored by a SOC.
• Network Security: Protect your network with firewalls and intrusion detection systems.
• Incident Response Plan: Have a plan in place to respond to security incidents.

If you suspect an ongoing compromise, experience unusual system behaviour like a slower response, or unexpected errors, or notice unauthorised software installation, take immediate action.

Use this FREE TrendMicro Cyber Risk Assessment service to uncover malicious files and identify critical vulnerabilities on your Windows systems.