Threat actors may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so Threat actors will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.