An unofficial patch was released for a privilege escalation vulnerability affecting all versions of Windows, after Microsoft marked its status as “won’t fix”. The flaw is located in the Windows RPC protocol and was dubbed RemotePotato0 by security researchers. If successfully exploited, it lets threat actors perform an NTLM relay attack that will give them domain admin privileges.
RemotePotato0: Why It Is Dangerous
The privilege escalation flaw was discovered by Antonio Cocomazzi, an expert from Sentinel LABS, together with Andrea Pierini, an independent researcher. They named it RemotePotato0 and disclosed it in April of last year.
Microsoft defines RemotePotato0 as a zero-day flaw, and a CVE ID is expected to be assigned to it in the future. By means of this bug, threat actors can trigger authenticated RPC/DCOM calls and relay the resulting NTLM authentication to other protocols. In doing so, attackers could elevate their privileges to domain administrator, which could potentially result in the compromise of the entire domain.
Mitja Kolsek, the 0patch co-founder, explained in a blog post that
It allows a logged-in low-privileged attacker to launch one of several special-purpose applications in the session of any other user who