PsExec has been vulnerable to a local privilege escalation for the last 14 years, according to security researcher David Wells. The vulnerability lies within the PSEXESVC service which is executed as SYSTEM on the machine. PsExec relies on named pipes to communicate with this service and, if an attacker manages to create the “\PSEXESVC” named pipe before PSEXESVC runs, the service will be tricked into opening a named pipe it did not create or set protections for. This allows any low-privilege user to send data to the SYSTEM-level PSEXESVC service, effectively giving anyone with user access to a system the ability to gain full administrative rights to the machine the next time that any remote command is sent to that system by an administrator using PsExec.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that