CVE-2020-14418: A time-of-check to time-of-use (TOCTOU) vulnerability in madCodeHook library before 2020-07-16 allows local privilege escalation to SYSTEM level through directory junction manipulation.


Description Preview

CVE-2020-14418 affects the madCodeHook library, a hooking engine used by a number of security products. The flaw is a time-of-check to time-of-use (TOCTOU) race condition that lets a local attacker elevate to SYSTEM. The library checks a filesystem path and later uses it without accounting for directory junctions, so an attacker who can create a junction (on Windows this needs only write access to the parent directory, not any special privilege) can re-point the path between the check and the use. A standard user can therefore make the library's privileged code path operate on a file of the attacker's choosing and run arbitrary code with SYSTEM privileges.

Overview

The madCodeHook library is used by many security products and other applications that perform API hooking on Windows. The vulnerability (CWE-367: Time-of-check Time-of-use Race Condition) is present in library builds dated before 16 July 2020. An attacker who can run code as a local user exploits it by creating directory junctions that redirect file operations, racing the window between the moment the library checks a path and the moment it uses that path. The library is thereby tricked into operating on a file other than the one it validated, which can lead to execution of attacker-controlled code with SYSTEM privileges. Because madCodeHook is linked into third-party products rather than installed as a separate component, the exposure of a given system depends on which installed products embed a pre-fix build.
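The check-then-use pattern described above, as an added example (not madCodeHook's code and not the Nettitude exploit): the vulnerable writer validates a directory by path and then re-resolves the same path string, so a link planted in the window redirects the write; the hardened writer opens the directory object once and creates the file relative to that handle, so a later swap of the path cannot redirect it. POSIX symlinks stand in for Windows directory junctions so the script runs on any Unix-like host; the race is simulated with a hook so the outcome is deterministic, and every directory name is constructed under a temporary directory.

```python
"""Check-then-use race with filesystem redirection (CWE-367).

Added illustration for this advisory, not madCodeHook's code. The real bug
concerns Windows directory junctions; POSIX symlinks play the same role here.
The race window is simulated with a hook; in a real attack a second process
does the swap while the privileged code is between its check and its use.
"""
import os
import shutil
import stat
import tempfile


def looks_like_plain_dir(path: str) -> bool:
    """Time-of-check test: `path` is a directory and not a link, right now."""
    st = os.lstat(path)
    return stat.S_ISDIR(st.st_mode) and not stat.S_ISLNK(st.st_mode)


def vulnerable_write(dir_path: str, name: str, data: bytes, race_hook=None) -> None:
    """Checks the directory by name, then re-resolves the same name to use it."""
    if not looks_like_plain_dir(dir_path):
        raise PermissionError("refusing link: " + dir_path)
    if race_hook:
        race_hook()                       # attacker swaps dir_path for a link here
    with open(os.path.join(dir_path, name), "wb") as fh:   # follows the new link
        fh.write(data)


def hardened_write(dir_path: str, name: str, data: bytes, race_hook=None) -> None:
    """Opens the directory object once, then creates the file relative to that
    handle. Renaming or re-pointing `dir_path` afterwards cannot redirect it."""
    dfd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)  # ELOOP if link
    try:
        if race_hook:
            race_hook()                   # same window; we already hold the real dir
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dfd)   # O_EXCL: no pre-planted file/link
        try:
            os.write(fd, data)
        finally:
            os.close(fd)
    finally:
        os.close(dfd)


def run_demo() -> dict:
    """Builds a constructed layout under a temp dir and races both writers.

    expected/  the directory the privileged code intends to write into
    attacker/  an attacker-controlled directory
    The hook renames expected/ to expected.moved and plants expected -> attacker/.
    """
    root = tempfile.mkdtemp(prefix="toctou-")
    expected, attacker = os.path.join(root, "expected"), os.path.join(root, "attacker")
    moved = expected + ".moved"
    os.mkdir(expected)
    os.mkdir(attacker)

    def swap():
        os.rename(expected, moved)
        os.symlink(attacker, expected)

    def restore():
        os.unlink(expected)
        os.rename(moved, expected)

    result = {}
    try:
        vulnerable_write(expected, "payload.bin", b"evil", race_hook=swap)
        result["vulnerable_redirected"] = os.path.exists(os.path.join(attacker, "payload.bin"))
        os.unlink(os.path.join(attacker, "payload.bin"))
        # The check does catch a link that is already in place; only the window is the bug.
        try:
            vulnerable_write(expected, "payload.bin", b"evil")
            result["check_catches_existing_link"] = False
        except PermissionError:
            result["check_catches_existing_link"] = True
        restore()

        hardened_write(expected, "payload.bin", b"good", race_hook=swap)
        result["hardened_redirected"] = os.path.exists(os.path.join(attacker, "payload.bin"))
        result["hardened_landed_in_real_dir"] = os.path.exists(os.path.join(moved, "payload.bin"))
        # The hardened open also refuses a link that is already in place.
        try:
            hardened_write(expected, "other.bin", b"good")
            result["hardened_refuses_existing_link"] = False
        except OSError:
            result["hardened_refuses_existing_link"] = True
    finally:
        shutil.rmtree(root)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The Windows counterparts of `O_NOFOLLOW` and `dir_fd` are opening the directory with `FILE_FLAG_OPEN_REPARSE_POINT` and checking the reparse attribute on the handle you hold, then doing later opens relative to that directory handle (the `RootDirectory` of the `OBJECT_ATTRIBUTES` passed to `NtCreateFile`). The general rule is the same on both platforms: validate the object you hold a handle to, not a path string that another user can re-point.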

Remediation

To remediate this vulnerability:

  1. Update the madCodeHook library to a build dated 16 July 2020 or later.
  2. If you develop software that embeds madCodeHook, rebuild and release your products with the updated library; end users cannot patch the library independently of your product.
  3. If you run products that depend on madCodeHook, install the vendor updates that include the fixed library and confirm in the vendor's release notes that CVE-2020-14418 is addressed.
  4. As a temporary mitigation, restrict which users can log on to or run code on systems where vulnerable builds are deployed, since exploitation requires local code execution as a standard user.
  5. Monitor for activity consistent with exploitation attempts, such as unexpected directory junction creation in locations that a privileged component writes to, and for privilege escalation events.
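A starting point for step 5, as an added example that is not a madCodeHook or vendor tool: the script below inventories every symlink (and, on Windows, every reparse point such as a junction) beneath a root, reporting the link target and whether the containing directory is writable by users other than its owner. Links sitting in a directory that a non-owner can write to, under a path a privileged component later uses, are the ones worth investigating. The Windows ACL check is out of scope for the standard library, so on Windows the writability column is reported as unknown and an `icacls` or `Get-Acl` review is assumed to follow; the sample tree is constructed in a temporary directory.

```python
"""Inventory of links/reparse points under a root, for monitoring step 5.

Added example for this advisory, not part of madCodeHook or any vendor tool.
"""
import os
import shutil
import stat
import tempfile
from typing import Iterator, List, NamedTuple, Optional, Tuple


class LinkEntry(NamedTuple):
    path: str
    target: str
    parent_writable_by_others: Optional[bool]   # None = unknown (Windows ACLs)


def is_reparse_point(path: str) -> bool:
    """True for symlinks everywhere; on Windows also for junctions/mount points."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)                 # Windows only
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))


def parent_writable_by_others(path: str) -> Optional[bool]:
    """POSIX mode-bit check. Windows mode bits are meaningless here, so return
    None and leave the ACL review to icacls / Get-Acl (assumed follow-up)."""
    if os.name == "nt":
        return None
    mode = os.stat(os.path.dirname(path)).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def link_target(path: str) -> str:
    try:
        return os.readlink(path)          # Python 3.8+ reads junction targets too
    except OSError:
        return "<unreadable>"


def find_links(root: str) -> Iterator[LinkEntry]:
    """Walks `root` without ever descending through a link (junction cycles)."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in list(dirnames):
            full = os.path.join(dirpath, name)
            if is_reparse_point(full):
                dirnames.remove(name)     # prune: do not walk into the link
                yield LinkEntry(full, link_target(full), parent_writable_by_others(full))
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_reparse_point(full):
                yield LinkEntry(full, link_target(full), parent_writable_by_others(full))


def demo_audit() -> List[Tuple[str, Optional[bool]]]:
    """Constructed sample tree: one link in a world-writable directory (the
    interesting case) and one in a directory only its owner can modify."""
    root = tempfile.mkdtemp(prefix="linkaudit-")
    try:
        loose, tight = os.path.join(root, "loose"), os.path.join(root, "tight")
        os.mkdir(loose)
        os.chmod(loose, 0o777)
        os.mkdir(tight)
        os.chmod(tight, 0o755)
        os.symlink(root, os.path.join(loose, "staging"))        # points back up the tree
        os.symlink(tight, os.path.join(tight, "self"))
        with open(os.path.join(tight, "plain.txt"), "w") as fh:
            fh.write("not a link\n")
        return [(os.path.relpath(e.path, root), e.parent_writable_by_others)
                for e in find_links(root)]
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    import sys
    scan_root = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    for entry in find_links(scan_root):
        flag = {True: "WRITABLE-BY-OTHERS", False: "owner-only", None: "check-acl"}
        print(f"{flag[entry.parent_writable_by_others]:20} {entry.path} -> {entry.target}")
```

Run it against the installation and data directories of the products that embed madCodeHook and against any world-writable location those products touch; a new junction appearing there between runs is the signal the remediation list asks you to watch for.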

References

  1. Nettitude Metasploit Modules: https://github.com/nettitude/metasploit-modules
  2. Detailed vulnerability analysis and exploit information: https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation/
  3. CWE-367: Time-of-check Time-of-use Race Condition: https://cwe.mitre.org/data/definitions/367.html

Industry Exposure (most to least)

This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation where it is most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry, Fishing & Hunting
  4. Arts, Entertainment & Recreation
  5. Construction
  6. Educational Services
  7. Finance and Insurance
  8. Health Care & Social Assistance
  9. Information
  10. Management of Companies & Enterprises
  11. Manufacturing
  12. Mining
  13. Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
  15. Public Administration
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade
