Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
BID:25719
Info
Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
| Bugtraq ID: | 25719 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4969 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 18 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Matousec Transparent Security Research discovered these vulnerabilities. |
| Vulnerable: |
Microsoft Process Monitor 1.23 Microsoft Process Monitor 1.22 |
| Not Vulnerable: |
Microsoft Process Monitor 1.24 |
Discussion
Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
Process Monitor is prone to multiple local vulnerabilities.
Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.
Process Monitor 1.22 is vulnerable to these issues; other versions may also be affected.
Process Monitor is prone to multiple local vulnerabilities.
Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.
Process Monitor 1.22 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
To exploit these issues, attackers can use 'BSODhook' from Matousec.
To exploit these issues, attackers can use 'BSODhook' from Matousec.
Solution / Fix
Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
Solution:
The vendor has released updates to address this issue. Please see the references for more information.
Microsoft Process Monitor 1.22
Microsoft Process Monitor 1.23
Solution:
The vendor has released updates to address this issue. Please see the references for more information.
Microsoft Process Monitor 1.22
-
Microsoft ProcessMonitor.zip
http://download.sysinternals.com/Files/ProcessMonitor.zip
Microsoft Process Monitor 1.23
-
Microsoft ProcessMonitor.zip
http://download.sysinternals.com/Files/ProcessMonitor.zip
References
Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
References:
References:
- Process Monitor Product Page (Microsoft)
- Updates: BgInfo v4.11, ProcessMonitor v1.24 (Microsoft)
- Windows Personal Firewall Analysis (Matousec)
- Plague in (security) software drivers & BSDOhook utility (Matousec)