Summary:
ZeroTier versions 1.8.7 and below for Windows set incorrect filesystem permissions on “C:\ProgramData\ZeroTier\One\”.
The Users group had write access to the directory ZeroTier reads on startup, allowing privilege escalation via DLL hijacking.
MacOS, Linux, and other platforms were not affected.
Impact
Local privilege escalation to SYSTEM.
Mitigation
Upgrade Windows systems to version 1.8.8.
Acknowledgements
This issue was brought to our attention by @ycdxsb, via huntr.dev.
This vulnerability is CVE-2022-1316