Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Vulnerable To 'Token Kidnapping' Attacks

Posted by timothy on from the token-of-my-affection dept.

cuppa+tea writes "More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions, including the brand new Windows 2008 R2 and Windows 7."

10 of 126 comments (clear)

  1. Re:About Software by iammani · · Score: 4, Interesting

    Really? Can you find a bug in this...

    #include <stdio.h>
    int main()
    {
            printf("hello, world");
            return 0;
    }

  2. Yes by XanC · · Score: 5, Insightful

    It doesn't do anything useful.

    1. Re:Yes by Windwraith · · Score: 4, Funny

      No, but it's polite, it's greeting the world. You are so insensitive!

    2. Re:Yes by davester666 · · Score: 5, Insightful

      Well, attacking this specific program has all kinds of possibilities. stdlib hasn't exactly been bug-free over the years, and depending on the environment, other libraries may get automatically loaded into the address space, and those can possibly be attacked. Then there is the infamous 'cc' hack, which automatically added a backdoor when you compiled specific programs.

      Just because you [the programmer] haven't typed in a large amount of code doesn't mean your program has fewer possibilities for bugs and/or attack vectors.

      --
      Sleep your way to a whiter smile...date a dentist!
  3. Re:About Software by Anonymous Coward · · Score: 5, Insightful

    Yep. It buggers up the prompt.

      printf("hello, world\n"); /*is better*/

    *This message was compiled with -pedantic.

  4. Re:About Software by ckdake · · Score: 5, Insightful

    I don't know the last time I looked at everything in stdio.h for problems so it's tough to say...

  5. "... by any user with impersonation rights." by n0-0p · · Score: 4, Informative

    That should be the first thing anyone familiar with Windows architecture notices. It means that it's an escalation from an account that's already running at elevated privilege (at least, it is on Vista and beyond).

    So, it's definitely a security bug. But it seems like a disproportionate amount of noise for a local privilege escalation requiring higher than normal privilege to start with.

  6. Re:About Software by DAldredge · · Score: 5, Funny

    You aren't checking the the return status of printf.

  7. Re:About Software by greg_barton · · Score: 4, Interesting

    Considering I once performed a security audit and found that the lead developer for the client had rewritten printf so it had damaging side effects...yes...

  8. optimistic by Twillerror · · Score: 4, Informative

    Lately the security bugs I've seen are making me feel good.

    Sounds weird I know, but it just seems like they are getting more and more bizarre.

    Even the flash and PDF stuff makes me feel that we are starting to go into left field for vectors. The security industry is putting itself out of work...

    Where will be in 5 years...probably in a relatively safe world.

    I mean heck this things says "If you can upload an ASPX file you can take over the system". That means we are worrying about how to protect against inside jobs not general problems.

    When was the last major worm anyways?