Windows privilege escalation vulnerability due to faulty driver
A faulty driver in Windows XP SP2 and Windows Server 2003 SP1 allows users with restricted access privileges to gain system privileges. The vulnerability is caused by a buffer overflow in the secdrv.sys driver which, according to Symantec, is a component of Macrovision's SafeDisc copy protection. The file is shipped with Windows. By passing specially crafted parameters to the driver, an attacker can inject malicious code into memory and execute it with system privileges.
According to Symantec, the vulnerability is already being exploited, although attackers need to have direct access to a system. Microsoft has apparently already been informed about the problem, but no patch has so far become available. Although Symantec has not released any details about the vulnerability, there are several blogs which discuss the flaw and also offer an exploit demonstrating the vulnerability.
Home users are generally less affected by privilege escalation vulnerabilities since they usually have full system privileges anyway. For corporate system administrators, however, Symantec recommends restricting access to systems and services for all accounts except those with administrator privileges. Presently, Vista does not seem to be affected by the problem.
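As an added illustration (not from the article, Symantec or Microsoft), the following PowerShell audit reports whether the SafeDisc driver is present and loadable on a host, which is the question an administrator has to answer before deciding on the access restrictions Symantec recommends. It assumes the driver is registered as the kernel service `secdrv` with its file at %SystemRoot%\System32\drivers\secdrv.sys.

```powershell
# Added audit example; not code from the article or the vendors it cites.
# Assumptions: the SafeDisc driver is registered under the service name "secdrv"
# and its image is %SystemRoot%\System32\drivers\secdrv.sys.
function Get-SecdrvExposure {
    $driverName = 'secdrv'
    $driverPath = Join-Path $env:SystemRoot 'System32\drivers\secdrv.sys'

    # Win32_SystemDriver lists kernel drivers with their start mode and current state.
    # Get-WmiObject is used (rather than Get-CimInstance) so this runs on the
    # Windows XP / Server 2003 hosts the article concerns.
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name = '$driverName'" `
                         -ErrorAction SilentlyContinue

    # Record the on-disk file version so affected builds can be compared across hosts.
    $fileVersion = $null
    if (Test-Path $driverPath) {
        $fileVersion = (Get-Item $driverPath).VersionInfo.FileVersion
    }

    # The driver is a local attack surface while it is loaded, or can still be
    # loaded on boot or on demand. A start mode of Disabled removes that surface.
    $exposed = $false
    if ($drv) {
        $exposed = ($drv.State -eq 'Running') -or ($drv.StartMode -ne 'Disabled')
    }

    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        DriverPresent = [bool]$drv
        FileExists    = (Test-Path $driverPath)
        FileVersion   = $fileVersion
        StartMode     = $(if ($drv) { $drv.StartMode } else { $null })
        State         = $(if ($drv) { $drv.State } else { $null })
        Exposed       = $exposed
    }
}

Get-SecdrvExposure | Format-List
```

The script only reports; a host shows Exposed = False once the driver is absent or its start mode is Disabled, so the output can be collected fleet-wide to find the machines that still need the access restrictions described above.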
- Privilege Escalation Exploit In the Wild, Symantec advisory
- Symantec warns of local privilege escalation 0Day in Windows.Busted, blog entry on reversemode.com
- Macrorisión - Windows XP/2k3 0Day, Spanish language blog entry on 48Bits.com