Category Archives: Upatre

More Upatre privilege escalation

It looks like the Upatre downloader malware has added a new tool that takes advantage of PCs that are missing Windows Update patches from last fall (well, last Northern Hemisphere fall).  In the past few weeks, newer versions of the Upatre malware can silently elevate their payload (the closely-coupled Dyre/Dyreza banking malware) to run as full admin.  These newer versions are using a vulnerability that Microsoft patched in October; however if a PC is not patched, even non-admin users tricked into running Upatre can have the malware elevated to SYSTEM.

Upatre continues to incorporate the AppCompat UAC bypass technique … Read more