Privilege escalation in Microsoft Windows

Published: 2008-04-17 00:00:00 | Updated: 2016-12-14
Severity Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2008-1436
CVSSv3 7.2 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Local
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows Vista
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2008
Vendor URL Microsoft

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper security restrictions on security tokens in the Microsoft Distributed Transaction Coordinator (MSDTC) service. By sending a specially crafted request to the MSDTC service, an attacker can access privileged security tokens and execute code with privileges of SYSTEM account.

Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.

Note: this vulnerability was being actively exploited.

Remediation

Install update from vendor's website:

Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyID=52B756E7-636F-4D9E-8A17-DBF467BFBE4D
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyID=90FE715E-8190-43E9-9C43-DF5BE564D923
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=A794C32A-9A0C-47D9-9C57-FF5D4A8E4944
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=25ADEC10-DB8C-4CAC-BF74-2C784678150A
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=B014C399-F404-4CB2-8F9D-864DF382EFEB
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=6ADA372B-BA17-433E-B022-D2C57B35AF8A
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=F111B99A-E555-4F29-8D1F-E9EC03D5CF1F
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=FA153BDC-6B48-4DF2-9E5E-ABACD6DA782C
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9E3C7B52-65A7-42FB-BEB5-1B374934737F
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=EEBB4D4D-29D2-4247-8CBB-63A3B17585EC
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=CC383C24-B0F6-47C1-9E89-6A378B09E82F

External links

https://technet.microsoft.com/en-us/library/security/ms09-012.aspx

Back to List