Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Authentication Flaw in Windows Debugger can Lead to Elevated Privileges
Posted by Philipp Esselbach on: 05/22/2002 04:08 PM [ Print | 0 comment(s) ]
Microsoft has released a patch for the Authentication Flaw in Windows Debugger can Lead to Elevated Privileges issue
The Windows debugging facility provides a means for programs to perform diagnostic and analytic functions on applications as they are running on the operating system. One of these capabilities allows for a program, usually a debugger, to connect to any running program, and to take control of it. The program can then issue commands to the controlled program, including the ability to start other programs. These commands would then execute in the same security context as the controlled program.
There is a flaw in the authentication mechanism for the debugging facility such that an unauthorized program can gain access to the debugger. A vulnerability results because an attacker can use this to cause a running program to run a program of her choice. Because many programs run as the operating system, this means that an attacker can exploit this vulnerability to run code as the operating system itself. She could take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system.
There is a flaw in the authentication mechanism for the debugging facility such that an unauthorized program can gain access to the debugger. A vulnerability results because an attacker can use this to cause a running program to run a program of her choice. Because many programs run as the operating system, this means that an attacker can exploit this vulnerability to run code as the operating system itself. She could take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system.
Download
Related Threads
08/23/2008 03:07 PM: Unable to Authenticate on XP Pro Network Share (1) by Kattmandu
03/02/2005 03:43 PM: OWA - Authentication Problems (9) by theefool
05/17/2004 04:30 AM: shared folders asks for login authentication (1) by dbgg1979
12/11/2002 08:15 AM: XP Authenticating on NT? (7) by DS3Circuit
03/24/2002 10:29 PM: wierd error with file sharing /user authentication (3) by Btfh
10/18/2001 12:57 PM: win xp and IE authentication (3) by Xiven
03/02/2005 03:43 PM: OWA - Authentication Problems (9) by theefool
05/17/2004 04:30 AM: shared folders asks for login authentication (1) by dbgg1979
12/11/2002 08:15 AM: XP Authenticating on NT? (7) by DS3Circuit
03/24/2002 10:29 PM: wierd error with file sharing /user authentication (3) by Btfh
10/18/2001 12:57 PM: win xp and IE authentication (3) by Xiven