The vulnerabilities, already patched in  create ideal conditions for malicious attackers to build an “attack chain” to gain full control over targeted endpoints, according to fresh documentation from Redmond’s threat intelligence team.

While the Black Hat session was  as a discussion on zero-days, the disclosure did not include any data on in-the-wild exploitation and the vulnerabilities were fixed by the open-source group during private coordination with Microsoft.

In all, Microsoft researcher Vladimir Tokarev discovered  affecting the client side of the OpenVPN architecture:

Microsoft emphasized that exploitation of these flaws requires user authentication and a deep understanding of OpenVPN’s inner workings. However, once an attacker gains access to a user’s OpenVPN credentials, the software giant warns that the vulnerabilities could be chained together to form a sophisticated attack chain.

“An attacker could leverage at least three of the four discovered vulnerabilities to create exploits to achieve RCE and LPE, which could then be chained together to create a powerful attack chain,” Microsoft said.

In some instances, after successful local privilege escalation attacks, Microsoft cautions that attackers can use different techniques, such as  or exploiting known vulnerabilities to establish persistence on an infected endpoint.

“Through these techniques, the attacker can, for instance, disable Protect Process Light (PPL) for a critical process such as Microsoft Defender or bypass and meddle with other critical processes in the system. These actions enable attackers to bypass security products and manipulate the system’s core functions, further entrenching their control and avoiding detection,” the company warned.

The company is strongly urging users to apply fixes available at.