Microsoft Vista, XP, 2000 Exploit for Sale - CIO

**Anilrgowda** · 04-Jan-2007, 10:42 PM

Virus writers are trying to find a buyer for an exploit targeting a flaw discovered in Windows Vista in December-one dismissed by some researchers as low risk. However, one researcher says the privilege escalation exploit could be paired with a virus to bypass all of the privilege safeguards Microsoft built into Vista and execute at the system level.
"This exploit completely shatters the privilege safeguards," says Marc Maiffret, chief hacking officer at eEye Digital Security. "It can elevate an unprivileged user to full system access."
"Vista is supposed to be the most secure thing ever, according to Microsoft," says Maiffret, "and here’s this exploitable flaw within just a few weeks of its release."
The vulnerability in question affects four of Microsoft’s operating systems: Windows 2000 SP4, Windows Server SP1, Windows XP SP2 and Vista. Maiffret says the exploit "works against every version of Windows beyond 2000."
Proof-of-concept code that targets the Client-Server Runtime Subsystem (CSRSS), which performs functions such as launching and closing applications, was publicly released late last month.
A user could launch malicious code within the CSRSS that would elevate privileges, such as going from an ordinary user to an administrator, Thomas Kristensen, chief technology officer for Secunia in Denmark, said in an earlier interview.
To execute the attack, however, a user would already have to be logged onto a machine or have gained access to the network some other way, Kristensen said. Because of this, Secunia rated the vulnerability as "less critical," he said.
Still, the flaw could potentially let an attacker place a rootkit on a machine and scrub any trace of tampering with the machine, Kristensen said. "It’s still a significant vulnerability which administrators should pay a whole lot of attention to."
Microsoft was recently made aware of potential vulnerabilities in Windows Vista, says a Microsoft spokesperson. "Microsoft is not aware of any active attacks or impact to customers as a result of these responsibly disclosed vulnerabilities. Once the investigation is complete Microsoft will provide additional guidance to customers."

"Windows Vista is not a silver bullet," adds the Microsoft spokesperson, "security issues will continue even with more secure operating systems, because the threat bar will continue to be raised and hackers will become more aggressive and that is why Microsoft is taking a defense in depth approach to helping protect users from malware."
Maiffret agrees, but believes it’s users, not Microsoft, that is the last line of defense.
"At the end of the day, it’s still just humans writing code and they will make mistakes," says Maiffret. "Users should take this as a warning to be vigilant."

04-Jan-2007, 10:42 PM	#1 (permalink)
Anilrgowda Administrator Posts: 18,720 Join Date: Jan 2006 Rep Power: 10 IM:	Microsoft Vista, XP, 2000 Exploit for Sale - CIO Virus writers are trying to find a buyer for an exploit targeting a flaw discovered in Windows Vista in December-one dismissed by some researchers as low risk. However, one researcher says the privilege escalation exploit could be paired with a virus to bypass all of the privilege safeguards Microsoft built into Vista and execute at the system level. "This exploit completely shatters the privilege safeguards," says Marc Maiffret, chief hacking officer at eEye Digital Security. "It can elevate an unprivileged user to full system access." "Vista is supposed to be the most secure thing ever, according to Microsoft," says Maiffret, "and here’s this exploitable flaw within just a few weeks of its release." The vulnerability in question affects four of Microsoft’s operating systems: Windows 2000 SP4, Windows Server SP1, Windows XP SP2 and Vista. Maiffret says the exploit "works against every version of Windows beyond 2000." Proof-of-concept code that targets the Client-Server Runtime Subsystem (CSRSS), which performs functions such as launching and closing applications, was publicly released late last month. A user could launch malicious code within the CSRSS that would elevate privileges, such as going from an ordinary user to an administrator, Thomas Kristensen, chief technology officer for Secunia in Denmark, said in an earlier interview. To execute the attack, however, a user would already have to be logged onto a machine or have gained access to the network some other way, Kristensen said. Because of this, Secunia rated the vulnerability as "less critical," he said. Still, the flaw could potentially let an attacker place a rootkit on a machine and scrub any trace of tampering with the machine, Kristensen said. "It’s still a significant vulnerability which administrators should pay a whole lot of attention to." Microsoft was recently made aware of potential vulnerabilities in Windows Vista, says a Microsoft spokesperson. "Microsoft is not aware of any active attacks or impact to customers as a result of these responsibly disclosed vulnerabilities. Once the investigation is complete Microsoft will provide additional guidance to customers." "Windows Vista is not a silver bullet," adds the Microsoft spokesperson, "security issues will continue even with more secure operating systems, because the threat bar will continue to be raised and hackers will become more aggressive and that is why Microsoft is taking a defense in depth approach to helping protect users from malware." Maiffret agrees, but believes it’s users, not Microsoft, that is the last line of defense. "At the end of the day, it’s still just humans writing code and they will make mistakes," says Maiffret. "Users should take this as a warning to be vigilant."

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)