Privilege escalation is a critical concept in cybersecurity. It refers to a situation where a user gains unauthorized access to privileges typically reserved for higher-level users. This scenario can occur in two distinct ways: vertically, where the user gains access to advanced functions, and horizontally, where the user can use functions belonging to other users. The escalation of privileges can be caused by system glitches or flawed assumptions during the system’s design phase. These unauthorized access situations can lead to risks such as unauthorized system manipulation and security[1] vulnerabilities. Various examples include exploiting vulnerabilities in high-privilege applications or older systems, and using techniques like Cross Zone Scripting. Mitigation strategies include techniques like Data Execution Prevention, Address space layout randomization, and requiring digitally signed kernel mode code.
Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.