#VU1320 Privilege escalation

Published: 2020-03-18

Vulnerability identifier: #VU1320

Vulnerability risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2009-0079


Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Windows Server
Operating systems & Components / Operating system
Operating systems & Components / Operating system

Vendor: Microsoft

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper isolation of processes in the RPCSS service. Accessing the computer under the context of a NetworkService or LocalService account an attacker can obtain privileged security tokens and execute code with privileges of SYSTEM account.

Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.

Note: this vulnerability was being actively exploited.

Install update from vendor's website:

Windows XP Service Pack 2 and Windows XP Service Pack 3:
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:

Vulnerable software versions

Windows Server: 2003

Windows: XP


External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability