Microsoft Windows Impersonation Privilege Escalation Weakness
BID:18008
Info
| Bugtraq ID: | 18008 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 16 2006 12:00AM |
| Updated: | May 17 2006 09:14PM |
| Credit: | The original discoverers of this issue are David Litchfield and Tim Mullen. Brian L. Walche <[email protected]> provided further research, along with 3APA3A. |
| Vulnerable: | Microsoft Windows XP Tablet PC Edition SP2; Microsoft Windows XP Tablet PC Edition SP1; Microsoft Windows XP Tablet PC Edition; Microsoft Windows XP Professional x64 Edition; Microsoft Windows XP Professional SP2; Microsoft Windows XP Professional SP1; Microsoft Windows XP Professional; Microsoft Windows XP Media Center Edition SP2; Microsoft Windows XP Media Center Edition SP1; Microsoft Windows XP Media Center Edition; Microsoft Windows XP Home SP2; Microsoft Windows XP Home SP1; Microsoft Windows XP Home; Microsoft Windows XP Gold 0; Microsoft Windows XP Embedded SP1; Microsoft Windows XP Embedded; Microsoft Windows XP 64-bit Edition Version 2003 SP1; Microsoft Windows XP 64-bit Edition Version 2003; Microsoft Windows XP 64-bit Edition SP1; Microsoft Windows XP 64-bit Edition; Microsoft Windows XP 0; Microsoft Windows Server 2003 Web Edition SP1 Beta 1; Microsoft Windows Server 2003 Web Edition SP1; Microsoft Windows Server 2003 Web Edition; Microsoft Windows Server 2003 Standard x64 Edition; Microsoft Windows Server 2003 Standard Edition SP1; Microsoft Windows Server 2003 Standard Edition; Microsoft Windows Server 2003 Enterprise x64 Edition; Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1; Microsoft Windows Server 2003 Enterprise Edition Itanium SP1; Microsoft Windows Server 2003 Enterprise Edition Itanium 0; Microsoft Windows Server 2003 Enterprise Edition SP1; Microsoft Windows Server 2003 Enterprise Edition; Microsoft Windows Server 2003 Datacenter x64 Edition; Microsoft Windows Server 2003 Datacenter Edition Itanium SP1; Microsoft Windows Server 2003 Datacenter Edition Itanium 0; Microsoft Windows Server 2003 Datacenter Edition SP1; Microsoft Windows Server 2003 Datacenter Edition |
| Not Vulnerable: | |
Discussion
Microsoft Windows is susceptible to a weakness that may allow attackers to gain elevated privileges. This issue is due to the ability of services to impersonate clients after they have authenticated.
Microsoft encourages the use of the 'Local Service' and 'Network Service' accounts to mitigate the consequences of exploiting vulnerabilities in services. Attackers exploiting latent vulnerabilities in services running with these low-privilege accounts may take advantage of this weakness to gain elevated privileges.
Under certain circumstances, this issue may aid attackers who can exploit latent vulnerabilities in low-privileged services in gaining elevated privileges, allowing them to fully compromise targeted computers.
This issue is similar to the one documented in BID 8276 (Microsoft SQL Server / MSDE Named Pipes Privilege Escalation Vulnerability).
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
- Snagging Security Tokens to Elevate Privileges (David Litchfield)
- Technet Security (Microsoft)
- Windows XP Homepage (Microsoft)
- Re: The Weakness of Windows Impersonation Model ("David Litchfield")
- Re[2]: The Weakness of Windows Impersonation Model ("Brian L. Walche")
- The Weakness of Windows Impersonation Model ("Brian L. Walche")