Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Atera Faces Zero-Day Vulnerabilities

July 25, 2023
Reading Time: 1 min read
in Alerts
Atera Faces Zero-Day Vulnerabilities

 

Atera’s remote monitoring and management software was found to have zero-day vulnerabilities in its Windows Installers, posing serious risks of privilege escalation attacks.

Discovered by Mandiant, the flaws enabled attackers to execute arbitrary code with elevated privileges, making them a significant threat to organizations. The vulnerabilities, assigned as CVE-2023-26077 and CVE-2023-26078, were addressed in subsequent versions of the software released by Atera, but their discovery highlights the importance of thorough security reviews and proactive measures to protect against escalating threats.

The specific weaknesses found in the MSI installer’s repair functionality allowed operations to be triggered from an NT AUTHORITY\SYSTEM context, even if initiated by a standard user.

By exploiting these flaws, attackers could gain access to a Command Prompt as the NT AUTHORITY\SYSTEM user, potentially enabling local privilege escalation attacks.

Security researcher Andrew Oliveau warned about the potential risks, emphasizing the importance of properly managing Custom Actions to prevent such exploits. The vulnerabilities were patched in versions 1.8.3.7 and 1.8.4.9 released by Atera in April and June 2023, respectively, but prior to that, they served as a springboard for attacks that could execute arbitrary code with elevated privileges, posing significant risks to organizations and their systems.

Reference:
  • Escalating Privileges via Third-Party Windows Installers
Tags: AteraCyber AlertCyber Alerts 2023CyberattackCybersecurityJuly 2023VulnerabilitiesWindowszero-day vulnerability
ADVERTISEMENT

Related Posts

Yes24 Down After Cyberattack

Win-DDoS Flaws Enable DC DDoS Botnets

August 12, 2025
Yes24 Down After Cyberattack

GPT-5 Jailbreak, Zero-Click AI Threats

August 12, 2025
Yes24 Down After Cyberattack

7-Zip Flaw Enables Arbitrary Code Run

August 12, 2025
WinRAR Zero-Day Actively Exploited

WinRAR Zero-Day Actively Exploited

August 11, 2025
WinRAR Zero-Day Actively Exploited

Lenovo Linux Webcam BadUSB Flaw

August 11, 2025
WinRAR Zero-Day Actively Exploited

Tesla-Themed Malware in Google Ads

August 11, 2025

Latest Alerts

Win-DDoS Flaws Enable DC DDoS Botnets

GPT-5 Jailbreak, Zero-Click AI Threats

7-Zip Flaw Enables Arbitrary Code Run

Tesla-Themed Malware in Google Ads

Lenovo Linux Webcam BadUSB Flaw

WinRAR Zero-Day Actively Exploited

Subscribe to our newsletter

    Latest Incidents

    Columbia Data Breach Hits 900K

    Chinese Gang Hits 115M US Payment Cards

    Yes24 Down After Cyberattack

    University of WA Major Data Breach

    Google Ads Customers’ Data Breach

    Connex Credit Union Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial