#VU1317 Privilege escalation in Windows and Windows Server - CVE-2008-1436
Published: December 14, 2016 / Updated: February 1, 2017
Vulnerability identifier: #VU1317
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2008-1436
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Windows
Windows Server
Windows
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper security restrictions on security tokens in the Microsoft Distributed Transaction Coordinator (MSDTC) service. By sending a specially crafted request to the MSDTC service, an attacker can access privileged security tokens and execute code with privileges of SYSTEM account.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Note: this vulnerability was being actively exploited.
The weakness exists due to improper security restrictions on security tokens in the Microsoft Distributed Transaction Coordinator (MSDTC) service. By sending a specially crafted request to the MSDTC service, an attacker can access privileged security tokens and execute code with privileges of SYSTEM account.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Note: this vulnerability was being actively exploited.
Remediation
Install update from vendor's website:
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyID=52B756E7-636F-4D9E-8A17-DBF467BFBE4D
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyID=90FE715E-8190-43E9-9C43-DF5BE564D923
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=A794C32A-9A0C-47D9-9C57-FF5D4A8E4944
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=25ADEC10-DB8C-4CAC-BF74-2C784678150A
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=B014C399-F404-4CB2-8F9D-864DF382EFEB
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=6ADA372B-BA17-433E-B022-D2C57B35AF8A
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=F111B99A-E555-4F29-8D1F-E9EC03D5CF1F
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=FA153BDC-6B48-4DF2-9E5E-ABACD6DA782C
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9E3C7B52-65A7-42FB-BEB5-1B374934737F
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=EEBB4D4D-29D2-4247-8CBB-63A3B17585EC
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=CC383C24-B0F6-47C1-9E89-6A378B09E82F
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyID=52B756E7-636F-4D9E-8A17-DBF467BFBE4D
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyID=90FE715E-8190-43E9-9C43-DF5BE564D923
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=A794C32A-9A0C-47D9-9C57-FF5D4A8E4944
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=25ADEC10-DB8C-4CAC-BF74-2C784678150A
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=B014C399-F404-4CB2-8F9D-864DF382EFEB
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=6ADA372B-BA17-433E-B022-D2C57B35AF8A
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=F111B99A-E555-4F29-8D1F-E9EC03D5CF1F
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=FA153BDC-6B48-4DF2-9E5E-ABACD6DA782C
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9E3C7B52-65A7-42FB-BEB5-1B374934737F
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=EEBB4D4D-29D2-4247-8CBB-63A3B17585EC
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=CC383C24-B0F6-47C1-9E89-6A378B09E82F