Vista Already Vulnerable?

A Russian website recently posted a proof of concept exploit code for a privilege escalation vulnerability that affects all versions of Windows, including Vista.

“We are closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem. The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems,” said Mike Reavy, operations manager, Microsoft Security Response Center.

According to Reavy, initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. However, these are just the preliminary findings and Microsoft has activated their emergency response process to determine the full scope and potential impact to Microsoft’s customers.

According to another security alert, the vulnerability is caused by memory corruption when certain strings are sent through the MessageBox API with the MB_SERVICE_NOTIFICATION flag.

The alert suspects that some “debug” feature is not cleaned out in final release and it seems to exploit code execution at the kernel level. This causes the system to hang, crash (BSOD) or reboot.

As of now Reavy claims that Microsoft has not observed any public exploitation or attack activity regarding this issue. “While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software.”