[ISN] Microsoft debugger flaw yields system keys

From: InfoSec News (isnat_private)
Date: Thu May 23 2002 - 02:56:58 PDT

    http://news.com.com/2100-1001-920940.html?tag=fd_top
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    May 22, 2002, 5:25 PM PT
    
    Microsoft warned Windows NT and 2000 users on Wednesday of a new flaw
    in its debugger tools that could let attackers give themselves
    complete control of a system once they've gained basic access to that
    system.
    
    The vulnerability involves a flaw in the debugger's authorization
    feature. The flaw lets any user run any program on the system, with
    the highest privileges.
    
    The hole could be used in conjunction with other Windows
    vulnerabilities that allow a remote attacker to run as a local user,
    said Marc Maiffret, chief hacking officer with network-protection
    company eEye Digital Security.
    
    "By itself, I would say it's not that dangerous, but coupled with
    other vulnerabilities, it's nasty," Maiffret said. "It makes threats
    like Nimda possible."
    
    The Nimda worm used a similar double whammy to gain base-level access
    to a system and then elevate its privileges to take control of the
    infected computer.
    
    Microsoft gave the vulnerability a "critical" rating for client
    systems but would not estimate what portion of Windows NT 4.0 and
    Windows 2000 computers might be vulnerable to the new flaw.
    
    "Being able to log on to the computer in the first place, and being
    able to run code (once logged on), are the two limiting factors for
    this flaw," said Christopher Budd, security program manager for
    Microsoft's security response center.
    
    For example, a guest account could be co-opted by an attacker and used
    to exploit the flaw to run code only if the system's administrator
    allowed guests access to the console and let them introduce code to
    the machine, Budd said.
    
    Microsoft has posted an advisory and a patch for the problem.
    
    
    
    


