Windows local privilege escalation - Windows access control
On January 31st 2006, a paper was published by Sudhakar Govindavajhala and Andrew W. Appel at the
Princeton University titled Windows Access Control Demystified. It took the hacker tool developers just a few days to publicly release their first exploit referencing it. The exploit allows local escalation of privileges. On an OS typically used by users who are all administrators that might not be considered the biggest thing ever. Still, it should be fixed by all vendors involved.
Now for the average administrator it might seem nearly ridiculous that allowing just one right too many can escalate that user begin able to run an arbitrary executable with all local rights he could wish for. Worse the problem is so obscure that many applications including some made by Microsoft and bundled with Windows XP did have that one too many right in it (uPnP and SSDP). Not only did they goof on it, so did Adobe, AOL, Macromedia and probably a few more.
I cannot help but notice the whole system of access control used in windows is rather complex and that might very well be the core of the problem. KISS is after all a principle that has proven through the years to work best in many cases.
Anyway that document and its implications are mandatory reading if you want to take away local admin rights of any user with any success. The consequence is as well that installing any software for any user needs to be done with extreme caution and security verification. Even is that one user needing the extra software is not your most restricted user, it still needs the full verification.
It is also mandatory for any developer making any application to understand this fully.
And as I said, I don't think it's easy to fully comprehend.
--
Swa Frantzen
Princeton University titled Windows Access Control Demystified. It took the hacker tool developers just a few days to publicly release their first exploit referencing it. The exploit allows local escalation of privileges. On an OS typically used by users who are all administrators that might not be considered the biggest thing ever. Still, it should be fixed by all vendors involved.
Now for the average administrator it might seem nearly ridiculous that allowing just one right too many can escalate that user begin able to run an arbitrary executable with all local rights he could wish for. Worse the problem is so obscure that many applications including some made by Microsoft and bundled with Windows XP did have that one too many right in it (uPnP and SSDP). Not only did they goof on it, so did Adobe, AOL, Macromedia and probably a few more.
I cannot help but notice the whole system of access control used in windows is rather complex and that might very well be the core of the problem. KISS is after all a principle that has proven through the years to work best in many cases.
Anyway that document and its implications are mandatory reading if you want to take away local admin rights of any user with any success. The consequence is as well that installing any software for any user needs to be done with extreme caution and security verification. Even is that one user needing the extra software is not your most restricted user, it still needs the full verification.
It is also mandatory for any developer making any application to understand this fully.
And as I said, I don't think it's easy to fully comprehend.
--
Swa Frantzen
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments