MS08-025: Microsoft Windows kernel vulnerable to local privilege escalation flaw

Summary:From Microsoft: A local attacker who successfully exploited this vulnerability could take complete control of an affected system.  An attacker could then install programs; view, change, or delete data; or create new accounts.

From Microsoft: 

A local attacker who successfully exploited this vulnerability could take complete control of an affected system.  An attacker could then install programs; view, change, or delete data; or create new accounts.  This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.  This security update addresses the vulnerability by modifying the way that the Windows kernel validates inputs passed from user mode.  Updates are available for the affected software.

Mmmmm that's tasty.  Don't underestimate this one... getting user-level access to a system is either than one thinks... especially in a corporate environment.  A regular user might be able to gain legitimate access to a more important system as a user, through privileges provided by the domain controller, and then utilize this to gain admin privileges.  Perhaps dump the creds on that system, maybe get a cached domain admin credential, and now you own the entire network.

To make it worse, exploit code is publicly available already from a couple sources (listed on Security Focus):

The following exploit is available to members of the Immunity Partner's Program:

https://www.immunityinc.com/downloads/immpartners/ms08_025.tgz

The following proof-of-concept code and exploit are available:

Good thing Microsoft patched this one awhile back, but I would double check you are up to date now that the exploit code is public.

Topics: Microsoft, Operating Systems, Security, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.