Privilege escalation in Windows and Windows Server - CVE-2009-0080
Published: December 14, 2016
Vulnerability identifier: #VU1319
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2009-0080
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to incorrect placing of access control lists (ACLs) on threads in the current ThreadPool. By leveraging incorrect thread ACLs an attacker can access NetworkService or LocalService account, obtain elevated privileges and execute code with privileges of SYSTEM account.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Note: this vulnerability was being actively exploited.
The weakness exists due to incorrect placing of access control lists (ACLs) on threads in the current ThreadPool. By leveraging incorrect thread ACLs an attacker can access NetworkService or LocalService account, obtain elevated privileges and execute code with privileges of SYSTEM account.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Note: this vulnerability was being actively exploited.
How to mitigate CVE-2009-0080
Install update from vendor's website:
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=F111B99A-E555-4F29-8D1F-E9EC03D5CF1F
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=FA153BDC-6B48-4DF2-9E5E-ABACD6DA782C
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9E3C7B52-65A7-42FB-BEB5-1B374934737F
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=EEBB4D4D-29D2-4247-8CBB-63A3B17585EC
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=CC383C24-B0F6-47C1-9E89-6A378B09E82F
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=F111B99A-E555-4F29-8D1F-E9EC03D5CF1F
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=FA153BDC-6B48-4DF2-9E5E-ABACD6DA782C
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9E3C7B52-65A7-42FB-BEB5-1B374934737F
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=EEBB4D4D-29D2-4247-8CBB-63A3B17585EC
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=CC383C24-B0F6-47C1-9E89-6A378B09E82F