Privilege escalation explained: Why these flaws are so valuable to hackers

Attackers use privilege escalation flaws to gain access to systems and applications. Patching and monitoring are the most important ways to stop them.

access control / authentication / privileges / security / key
Cybrain / Getty Images

Privilege escalation definition

Privilege escalation vulnerabilities are security issues that allow users to gain more permissions and a higher level of access to systems or applications than their administrators intended. These types of flaws are valuable for attackers because they're needed for full exploit chains but can be overlooked by defenders or developers because of their lower severity scores.

In general, any violation of an intentional security boundary can be considered a privilege escalation issue, including gaining kernel access from a user application in an operating system, escaping a virtual machine to access the underlying hypervisor, gaining domain administrator access from a workstation, or gaining privileged roles in public clouds by exploiting misconfigurations.

Why privilege escalation flaws are dangerous

In the security community, a lot of attention is put on vulnerabilities that can result in arbitrary code execution, especially those that can be exploited remotely -- remote code execution (RCE). These flaws tend to have the highest severity scores, but part of the reason for this is historical, with defenders traditionally focusing on preventing hackers from gaining access to their systems in the first place.

To continue reading this article register now

The 10 most powerful cybersecurity companies