
Information Security News


The SNEK Initiative Drops “Eris”: New Post-Exploit Framework Abuses Windows Fax Service for SYSTEM Root

by Nam Phong · May 19, 2026

A new privilege-escalation framework for Windows, named Eris, has been released publicly. Its author claims the technique spawns an interactive command shell with full system privileges inside an active user session by manipulating the built-in Windows Fax Service.

The Eris chain runs in two stages. In the first, the tool bypasses Windows User Account Control (UAC) by abusing the legacy Silent Cleanup scheduled task. With elevated privileges secured, the payload modifies the registry to register a fake virtual fax device provider and reconfigures the Fax Service startup parameters so that the service runs under the Local System security context. When the service is next restarted, it processes the malicious payload, which delivers a command shell with full system privileges.
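For defenders, the second stage described above leaves a recognizable sequence in registry and service telemetry. The following added example (not code from the article or the Eris project) correlates it over constructed, normalized events shaped like Sysmon registry-set records (ID 13) and Service Control Manager state changes (ID 7036). The registry paths are the standard Windows locations and are an assumption, since the article names no keys; field names, hosts and sample values are constructed.

```python
from datetime import datetime, timedelta

# Assumed standard Windows locations; the article does not name the keys.
PROVIDERS = r"hklm\software\microsoft\fax\device providers" + "\\"
FAX_ACCOUNT = r"hklm\system\currentcontrolset\services\fax\objectname"
SYSTEM32 = (r"%systemroot%\system32" + "\\", r"c:\windows\system32" + "\\")
WINDOW = timedelta(minutes=30)

def classify(ev):
    """Return a finding label for one registry-set event, or None."""
    if ev.get("event_id") != 13:
        return None
    target, value = ev["target"].lower(), ev["details"].lower()
    if target == FAX_ACCOUNT and value in ("localsystem", r"nt authority\system"):
        return "fax_runs_as_system"
    if target.startswith(PROVIDERS) and target.endswith(r"\imagename"):
        if not value.startswith(SYSTEM32):
            return "provider_outside_system32"
    return None

def correlate(events):
    """Alert when a host shows both registry changes, then a Fax start within WINDOW."""
    alerts, seen = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        label = classify(ev)
        if label:
            seen.setdefault(ev["host"], {})[label] = ev["time"]
        elif (ev.get("event_id"), ev.get("service"), ev.get("state")) == (7036, "Fax", "running"):
            marks = seen.get(ev["host"], {})
            if len(marks) == 2 and all(ev["time"] - t <= WINDOW for t in marks.values()):
                alerts.append((ev["host"], ev["time"].isoformat()))
    return alerts

# Constructed sample events: WS01 shows the full sequence, WS02 is benign.
T = datetime(2026, 5, 19, 10, 0, 0)
SAMPLE = [
    {"host": "WS01", "time": T, "event_id": 13, "details": r"C:\Users\Public\example.dll",
     "target": r"HKLM\SOFTWARE\Microsoft\Fax\Device Providers\ExampleProvider\ImageName"},
    {"host": "WS01", "time": T + timedelta(seconds=5), "event_id": 13, "details": "LocalSystem",
     "target": r"HKLM\System\CurrentControlSet\Services\Fax\ObjectName"},
    {"host": "WS01", "time": T + timedelta(seconds=20), "event_id": 7036,
     "service": "Fax", "state": "running"},
    {"host": "WS02", "time": T, "event_id": 13, "details": r"%systemroot%\system32\builtin.dll",
     "target": r"HKLM\SOFTWARE\Microsoft\Fax\Device Providers\{GUID}\ImageName"},
    {"host": "WS02", "time": T + timedelta(seconds=9), "event_id": 7036,
     "service": "Fax", "state": "running"},
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Either registry finding is worth triage on its own on hosts that never use fax; the correlation simply raises confidence that the service was restarted to pick up the change.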

The framework's creator describes the initial UAC bypass as a prerequisite “sacrifice”: without it, the second-stage attack cannot be started.

Testing Eris requires the g++ compiler from MinGW-w64 or an MSYS2 installation. The project repository contains the source code for two components: the core payload library and the main loader executable. Once compiled and run, the toolkit yields an elevated terminal session.

The developer has also published precompiled standalone binaries for those who want to skip manual compilation.

Eris is built for local use and assumes that an adversary already has an initial foothold on the system. Security analysts classify tools of this type as post-exploitation instruments, routinely used by intruders to establish persistent control of infrastructure and to move laterally across enterprise Windows environments.
