Flutterby™! : Windows privilege escalation

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Windows privilege escalation

2002-08-07 17:12:26+00 by Dan Lyke 1 comments

[ related topics: Humor Microsoft moron ]

comments in ascending chronological order (reverse):

#Comment made: 2002-08-07 21:26:40+00 by: meuon [edit history]

Andrew (drewcifer) was demonstrating using these techniques this morning at GeekLabs (the back room). Scary stuff, especially if you can get someone (machine or human) into executing a little code from remote. Something that does not seem hard in MS-User-Land. It also appears to be a problem at the very foundation of the Win32API and may be un-fixable.

As soon as a widespread explot exists (Can you say Outlook Worm?), then Microsoft will be forced to deal with it. But they supposedly mentioned this problem months ago when MS admitted their were flaws in MS-Land that 'threatened national security'.

My first implementation would be (if I wrote MS-code) a version that attacks computers running PC-Charge and ICVerify that fills in all boxes with someone elses credit card number.. Just for grins :)