Privilege escalation in Microsoft Windows

Published: 2008-04-17 | Updated: 2016-12-14
Severity Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2008-1436
Exploitation vector Local
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software Windows Subscribe
Windows Server
Vendor Microsoft

Security Advisory

This security advisory describes one medium risk vulnerability.

1) Privilege escalation

Severity: Medium

CVSSv3: 7.2 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]

CVE-ID: CVE-2008-1436

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls


The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper security restrictions on security tokens in the Microsoft Distributed Transaction Coordinator (MSDTC) service. By sending a specially crafted request to the MSDTC service, an attacker can access privileged security tokens and execute code with privileges of SYSTEM account.

Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.

Note: this vulnerability was being actively exploited.


Install update from vendor's website:

Microsoft Windows 2000 Service Pack 4:
Windows XP Service Pack 2 and Windows XP Service Pack 3:
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
Windows Vista and Windows Vista Service Pack 1:
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
Windows Server 2008 for 32-bit Systems:
Windows Server 2008 for x64-based Systems:
Windows Server 2008 for Itanium-based Systems:

Vulnerable software versions

Windows: 2000, Vista, XP

Windows Server: 2003, 2008

CPE External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.