Windows token kidnapping returns to haunt Microsoft

[nsane.forums]

Microsoft’s problems with Token Kidnapping [.pdf] on the Windows platform aren’t going away anytime soon. More than a year after Microsoft issue a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7.

Cesar Cerrudo, founder and CEO of Argeniss, a security consultancy firm based in Argentina, first reported the token kidnapping hiccup to Microsoft in 2008 and after waiting in vain for a patch, he released the details during the Month of Kernel Bugs project.

The flaw would eventually be exploited in active attacks, leading to a mad scramble at Redmond to come up with a fix and a subsequent disclosure flap that exposed Microsoft as the irresponsible party.

This year, Cerrudo plans a new talk titled “Token Kidnapping’s Revenge” where he will discuss how attackers can even bypass certain Windows services protections.

View: Original Article