Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Privilege Escalation Exploit In the Wild
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 10-27-2007, 05:13 AM
Symantec's Avatar
Symantec Symantec is offline
Senior Member
  
Join Date: Oct 2006
Posts: 295
Privilege Escalation Exploit In the Wild
Privilege Escalation Exploit In the Wild
<p>During the weekend I found an interesting sample exploiting a possibly new and undocumented vulnerability for Windows XP and 2003. The exploit is a <strong>local privilege escalation</strong> that allows users with a restricted account to gain a SYSTEM shell with higher privileges. In my tests the exploit seems to work successfully against a fully patched Windows XP-SP2 and also Windows 2003-SP1. At this time, Vista does not seem to be affected by the problem.</p>

<p><a href="http://www.symantec.com/enterprise/security_response/weblog/upload/2007/10/EF_pep_lrg.html" onclick="window.open('http://www.symantec.com/enterprise/security_response/weblog/upload/2007/10/EF_pep_lrg.html','popup','width=1024,height=768,sc rollbars=no,resizable=no,toolbar=no,directories=no ,location=no,menubar=no,status=no,left=0,top=0'); return false"><img src="http://www.symantec.com/enterprise/security_response/weblog/upload/2007/10/EF_pep_sml.jpeg" width="370" height="278" /></a><br />
<strong>(Click for larger image)</strong></p>

<p>We notified Microsoft and they were already aware of this specific issue. The mitigating factor is that the attacker has to be logged on to or have access to the compromised computer with a valid account, since the exploit only works locally. Home users are probably less exposed to this threat. </p>

<p>At this time, we will not disclose the details of the vulnerability; however, we'll just say that the affected component is a driver that is shipped in many Windows installations by default. It is also included in the \i386 folder. Under some cir****tances, this driver can write into the kernel memory without proper restrictions.</p>

<p>At the moment, it’s still not clear how the driver is used by Windows because this file does not have the typical Microsoft file properties present in other Windows system files. Since this exploit was used in the wild, we are recommending system administrators be extremely careful at this time and restrict or disable access to unnecessary services for all accounts except for administrator-level users. While this workaround must be tested carefully, it may be a viable option once administrators have verified that their users do not need access to a particular service.</p>
http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html
http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html
Tue, 16 Oct 2007 17:23:27 -0800
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump



    All times are GMT -5. The time now is 09:32 AM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2