Local user accounts should be closely monitored. Each CVE in this advisory leverages user accounts, post-compromise, to springboard into other techniques. In CVE-2023-42475, a disabled user is resurrected, and in CVE-2022-47966, a new local user is created. Endpoint defenses should be on the lookout for any suspicious creation or re-enabling of local user accounts. Preventing these actions will block any subsequent malicious activities before they get too far.
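One way to watch for both behaviors, as an added example that is not part of the original advisory: it assumes Windows endpoints forwarding Security events 4720 (account created) and 4722 (account enabled) as records. The field names, the approved-actor list and all sample accounts are constructed for illustration.

```python
from datetime import datetime, timedelta

CREATED, ENABLED = 4720, 4722  # Windows Security event IDs
# Assumption: accounts allowed to provision local users on this host.
APPROVED_ACTORS = {"svc-provision"}
# A new enabled account normally logs 4720 and then 4722; a 4722 inside this
# window is treated as part of the creation, not as a separate re-enable.
CREATE_WINDOW = timedelta(seconds=5)

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"time": "2024-07-25T10:00:00", "id": 4720, "actor": "svc-provision", "target": "jdoe"},
    {"time": "2024-07-25T10:00:01", "id": 4722, "actor": "svc-provision", "target": "jdoe"},
    {"time": "2024-07-25T11:30:00", "id": 4722, "actor": "SYSTEM", "target": "old-contractor"},
    {"time": "2024-07-25T11:42:10", "id": 4720, "actor": "webapp$", "target": "support2"},
    {"time": "2024-07-25T11:42:11", "id": 4722, "actor": "webapp$", "target": "support2"},
]

def detect_account_changes(events, approved=APPROVED_ACTORS):
    """Return (time, kind, target, actor) alerts for unapproved changes."""
    alerts, created_at = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        target = ev["target"].lower()
        if ev["id"] == CREATED:
            created_at[target] = when
            kind = "created"
        elif ev["id"] == ENABLED:
            born = created_at.get(target)
            if born is not None and when - born <= CREATE_WINDOW:
                continue  # enable that belongs to the creation just seen
            kind = "re-enabled"
        else:
            continue
        if ev["actor"].lower() not in approved:
            alerts.append((ev["time"], kind, ev["target"], ev["actor"]))
    return alerts

if __name__ == "__main__":
    for alert in detect_account_changes(SAMPLE_EVENTS):
        print(*alert)
```

Separating a true re-enable from the enable event that accompanies account creation keeps the "resurrected account" alert from being buried under routine provisioning noise.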
July 25, 2024