
Windows token kidnapping returns to haunt Microsoft


Hardon

Jul 18, 2010, 11:14:29 PM

<http://www.zdnet.com/blog/security/windows-token-kidnapping-returns-to-haunt-microsoft/6849>

<quote>
Microsoft’s problems with Token Kidnapping [.pdf] on the Windows
platform aren’t going away anytime soon.

More than a year after Microsoft issued a patch to cover
privilege escalation issues that could lead to complete system
takeover, a security researcher plans to use the Black Hat
conference spotlight to expose new design mistakes and security
issues that can be exploited to elevate privileges on all Windows
versions including the brand new Windows 2008 R2 and Windows 7.

Cesar Cerrudo, founder and CEO of Argeniss, a security
consultancy firm based in Argentina, first reported the token
kidnapping hiccup to Microsoft in 2008 and after waiting in vain
for a patch, he released the details during the Month of Kernel
Bugs project.

The flaw would eventually be exploited in active attacks, leading
to a mad scramble at Redmond to come up with a fix and a
subsequent disclosure flap that exposed Microsoft as the
irresponsible party.

This year, Cerrudo plans a new talk titled “Token Kidnapping’s
Revenge” where he will discuss how attackers can even bypass
certain Windows services protections.
</quote>

Chris Ahlstrom

Jul 19, 2010, 7:00:01 AM
Hardon posted this message in ROT13 encoding:

> <http://www.zdnet.com/blog/security/windows-token-kidnapping-returns-to-haunt-microsoft/6849>
>
> <quote>
> Microsoft’s problems with Token Kidnapping [.pdf] on the Windows
> platform aren’t going away anytime soon.
> </quote>

The PDF noted there is a short, interesting slideshow:

http://www.argeniss.com/research/TokenKidnapping.pdf

--
Who will take care of the world after you're gone?
