Microsoft discloses vulnerability affecting multiple Windows Versions


After investigating public reports, Microsoft has published Microsoft Security Advisory 951306, which describes a vulnerability that affects multiple versions of Windows (including Windows XP Professional Service Pack 2, all supported versions and editions of Windows Server 2003, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.)
The newly found security flaw could potentially allow a malicious local user (who has authentication) to execute specially crafted code to raise his privilege level to LocalSystem. IIS and SQL Server are the main attack vectors. But other vectors are possible, such as Microsoft Distributed Transaction Coordinator (MSDTC) on Windows Server 2003.
The vulnerability looks like it basically allows for any process that has the SeImpersonatePrivilege to execute some code and be able to impersonate LocalSystem (which has the NT AUTHORITY\SYSTEM SID and a wealth of privileges in its token). For Windows 2003 and beyond the users awarded that privilege are in the Network Services, Local Services, Local System, and Administrators groups. On Vista/Server 2008 you additionally won’t have the privilege unless you’ve elevated. That fortunately reduces the scope of this otherwise highly serious vulnerability, though it still isn’t pretty.
It must be noted however Microsoft stated in its advisory that- “Hosting providers may be at increased risk from this elevation of privilege vulnerability.†However, no exploitation has been observed at this time.
Microsoft Security Advisory 951306
Posted in MS News, Security, Windows Server System, Windows Vista, Windows XP | 1 Comment »
April 26th, 2008 at 4:30 am
[…] this week I published a post regarding a vulnerability in several versions of Microsoft Windows… …Well the vulnerability is now being executed-there is another round of Mass SQL […]