
Friday, December 22, 2006

Microsoft Windows CSRSS Privilege Escalation Vulnerability

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious local users to gain escalated privileges.

The vulnerability is caused by a double-free error in the handling of HardError messages within WINSRV.DLL. This may be exploited to execute arbitrary code under the CSRSS process with SYSTEM privileges by setting the caption or text parameters of the "MessageBox()" function to a string that starts with "\??\".

The vulnerability is reported in Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2, and Windows Vista.

Solution:
Grant access to trusted users only.

Original Advisory:
Microsoft: http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx

Full-Disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html

Determina Security Research:
http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html

Secunia:
http://secunia.com/advisories/23448/

eEye:
http://research.eeye.com/html/alerts/zeroday/20061215.html


 
