Microsoft debugging tool allows elevated access privileges
Security services provider iDefense has discovered a vulnerability in Microsoft's DebugView analysis tool that users logged on to a system with restricted privileges can exploit to obtain system privileges. The tool is used to monitor system debug messages and was originally developed by Sysinternals, which was absorbed by Microsoft last year along with its complete tool collection.
DebugView uses functions in the dbgv.sys kernel module that can be used to copy user data to arbitrary memory locations. According to the security advisory, attackers can exploit this ability to write code to kernel memory and execute it. Unfortunately, once an administrator has loaded the driver via DebugView, any user can address it. Rebooting is required to resolve the problem.
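The flaw class described above, a driver that copies caller-supplied data to a caller-chosen address, is modelled below in user space next to a hardened handler. This is an added example, not code from dbgv.sys or the advisory; the request layout, function names and the toy 64-byte address space are assumptions made for illustration.

```c
/* Added illustration: user-space model of a driver request handler.
 * All names and the toy address-space split are assumptions, not dbgv.sys code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE   64u  /* constructed toy address space */
#define USER_LIMIT 32u  /* offsets below this model user memory, the rest kernel memory */

static uint8_t mem[MEM_SIZE];

/* Request as an unprivileged caller would hand it to the driver. */
struct copy_req { uint32_t dst; const uint8_t *src; uint32_t len; };

/* Flawed pattern: the caller-chosen destination is trusted as given. */
static int handle_unchecked(const struct copy_req *r) {
    if ((uint64_t)r->dst + r->len > MEM_SIZE) return -1; /* keeps the model itself memory-safe */
    memcpy(mem + r->dst, r->src, r->len);
    return 0;
}

/* The whole destination range must lie in user memory. A real Windows driver
 * would call ProbeForWrite inside a __try block for this. */
static int dst_is_user_range(uint32_t dst, uint32_t len) {
    if (dst >= USER_LIMIT) return 0;
    return len <= USER_LIMIT - dst; /* subtraction form cannot wrap, unlike dst + len */
}

/* Hardened handler: validate before copying. */
static int handle_checked(const struct copy_req *r) {
    if (r->src == NULL || !dst_is_user_range(r->dst, r->len)) return -1;
    memcpy(mem + r->dst, r->src, r->len);
    return 0;
}

int main(void) {
    const uint8_t payload[4] = {0xAA, 0xAA, 0xAA, 0xAA}; /* constructed sample data */
    struct copy_req to_kernel = {40, payload, 4};        /* destination in the kernel half */
    int rc = handle_unchecked(&to_kernel);
    printf("unchecked: rc=%d, kernel byte now 0x%02X\n", rc, mem[40]);
    memset(mem, 0, sizeof mem);
    rc = handle_checked(&to_kernel);
    printf("checked:   rc=%d, kernel byte now 0x%02X\n", rc, mem[40]);
    return 0;
}
```

The range check compares `len` against the remaining space rather than computing `dst + len`, so a very large length cannot wrap around and pass validation.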
The bug was discovered in dbgv.sys version 126.96.36.199, included in DebugView 4.64. Microsoft has released DebugView 4.72, which fixes this bug.
- Microsoft DebugView Privilege Escalation Vulnerability, security advisory from iDefense