Microsoft acknowledges Vista kernel elevation vulnerability

What was not supposed to happen in Windows Vista apparently has: Despite a layer of protection that was supposed to prevent against processes elevating their own privileges, Microsoft now says someone found a way to do it.

A Microsoft security bulletin written earlier this week but publicized this morning cites security software engineers SkyRecon Systems as having discovered a way for processes in both 32- and 64-bit versions of Windows Vista to elevate their own privilege to administrator level. This discovery would likely be the latest in several months to thwart the designs of PatchGuard, Microsoft's series of measures for innovating the design of the operating system kernel in the interest of thwarting the most common attacks that plagued Windows XP. Last February, PatchGuard was theoretically defeated, using methodology made public by, ironically, Symantec.

Microsoft has issued a security patch that addresses the ALPC issue.

News source: BetaNews

Report a problem with article
Previous Story

Messenger Plus! Live 4.50.312

Next Story

Opera Latest "Victim" in Microsoft Anti-Trust Claim

19 Comments

Commenting is disabled on this article.

The question I have is, in reality, what conditions must exist for a hacker to be able to exploit this vulnerability?

[edit]
Actually, according to the bulletin, the attacker first has to have valid credentials on that machine to log on. I can't say I'm shaking in my boots.

not only does symantec slows down our systems with their crappy brand of norton software, but they also screw us over by destroying the security protection Microsoft offers us.

Symantec have somehow brainwashed the masses into thinking Norton is good, so people actually want it when they buy a new computer.

Ironically, Norton only makes computing much more difficult.

winmoose said,
Symantec have somehow brainwashed the masses into thinking Norton is good, so people actually want it when they buy a new computer.

Ironically, Norton only makes computing much more difficult.


Symantec gave me a free license for Norton 360. It actually works pretty good as long as I leave it on the shelf and use Avast instead. It keeps some of my other CDs from falling over.

GreyWolfSC said,
Symantec gave me a free license for Norton 360. It actually works pretty good as long as I leave it on the shelf and use Avast instead. It keeps some of my other CDs from falling over.

QFT!!

I too have a Norton-shaped bookend

naap51stang said,
Hell, considering most people use 12345 as a password, this is a minor thing LOL

hey! Who told you my private Password?

Taliseian said,
Wait a sec....that's the password to my luggage....... :)


T

I so love Spaceballs. That was a great movie. Now is they only did make Spaceballs 2: The Quest for More Money.

This is old news - there is already a fix for this.

And it does not surprise me - anyone can find anyway past computer security. Nothing is safe so long as someone is interested in breaking through.

I don't know why people have such a fatalist view when it comes to software. Because, contrary to popular belief, it IS possible to make things so secure that to hack through would be humanly impossible. The reason it doesn't seem like this is that we only hear when something has been hacked.

Just look at DES encryption, people said it would take millions of years to crack... and look at how quickly a distributed cracking team managed to do it... 22 hours.

If you have the computing power, which programs like Folding@Home do, you could brute force pretty much anything.

Primetime2006 said,
This is old news - there is already a fix for this.

And it does not surprise me - anyone can find anyway past computer security. Nothing is safe so long as someone is interested in breaking through.

A friend of mine said "Anything man-made can be man-broken" I agree. Security is great, but its just a deturant, if someone REALLY wants in, they will find a way (or a way around)