Presentation Title: Token Kidnapping
Presentation Details:
This presentation is about a new technique for elevating privileges on Windows mostly from services, this technique exploits design weaknesses in Microsoft Windows XP, 2003, Vista and even Windows 2008. While in Windows vista and 2008 many new security protections have been added, because the weaknesses some of the new protection mechanisms are almost useless.
It will be explained how it’s possible in Windows XP and 2003 to elevate privileges to LOCAL SYSTEM from any process that has impersonation rights, and in Windows Vista and Windows 2008 how to elevate privileges to LOCAL SYSTEM from processes running under NETWORK SERVICE and LOCAL SERVICE accounts demonstrating that running code under NETWORK SERVICE or LOCAL SERVICE is non sense since always it’s possible to end up running code under LOCAL SYSTEM account. It will be showed 0day code for elevating privileges in SQL Server and Internet Information Services.
-----------------------
Compare that to the Windows Advisory release.
Sounds right on the money.
Thanks to K for the heads up.
UPDATE (4/19/2008) 2:23PM CST - Cesar posted the following message on several mailing list today.
Token Kidnapping (Microsoft Security Advisory 951306) presentation available
Presentation is available at:
http://www.argeniss.com/research/TokenKidnapping.pdf
Exploit code won't be released for a while due to
Microsoft request.
Enjoy.
Cesar.
No comments:
Post a Comment