Microsoft Zero Day Disclosed

Wednesday, June 5, 2013 @ 03:06 PM gHale

There is a security vulnerability in Windows that any user on the system can exploit to obtain administrator privileges, a security researcher said.

Rather than reporting the vulnerability to Microsoft, Google security expert Tavis Ormandy posted details to the Full Disclosure security mailing list in mid-May and has now published an exploit to the same mailing list.

With this latest vulnerability, Ormandy decided to issue the information on the Full Disclosure list. After discovering a bug in the Windows kernel’s EPATHOBJ::pprFlattenRec function, he wrote to the list: “I don’t have much free time to work on silly Microsoft code” and solicited ideas on how to successfully exploit the bug. With the help of user progmboy, Ormandy then developed a privilege escalation exploit which he shared with the mailing list, noting that another exploit was already in circulation.

Researchers at heise Security were able to use the exploit to reproduce the problem. If the file opens, it can launch a command line that can run arbitrary commands with system privileges, regardless of the user’s own privileges – even a guest account works.

With the full notice, Microsoft will now have to plug the vulnerability as rapidly as possible, particularly given that black hats also now have access to the exploit code. A virus could utilize the exploit to shut down anti-virus software without a UAC prompt or to insert a rootkit deep into the system.

Microsoft said it was looking into the problem and would “take appropriate measures” to protect its customers. It was not able to say when it would be able to close off the vulnerability or how users could protect themselves from privilege escalation.
