Security 10671 Published by

DebPloitFix is a hotfix that closes the security hole (DebPloit exploit) discovered by Radim EliCZ Picha.

DebPloitFix is implemented as a kernel mode driver that can be run dinamically (no need to restart your system). DebPloitFix assigns the new security descriptor to the DbgSsApiPort LPC port so only the local system (SYSTEM user) will be able to access this port.

More informations

About DebPloit: DebPloit is an exploit that shows weakness of the Windows NT/2000 security. It uses the security hole in the NT/2000 debugging subsystem and allows to any user (even Guest) execute processes in the security context of an administrator or a local system. Thus any person who have a local access to the computer running Windows NT or Windows 2000 can became an administrator and do everything he/she wants.