Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Windows XP and 2003 local privilege escalation vulnerability

Published: 2007-11-06
Last Updated: 2007-11-06 13:42:25 UTC
by Maarten Van Horenbeeck (Version: 2)
1 comment(s)

Microsoft has an advisory and a blog entry up on a new vulnerability, CVE-2007-5587, in the Macrovision SECDRV.SYS driver. This file is included with Windows XP and Windows Server 2003.

It appears partial information on the vulnerability and exploit code has been in the wild since mid October, and it is being exploited in a limited number of incidents.

This is a local attack which allows privilege escalation to Ring 0 . However, this means it can be abused by those who are able to introduce and execute code on the system. Depending on the situation this could go beyond shared user environments as it could be delivered to a system using a variety of other attack vectors (browser exploits, e-mails, file format exploits).

While plans for an official Microsoft supplied patch are in the works, Macrovision has released an update from their website which allows you to mitigate this issue.

Maarten Van Horenbeeck

1 comment(s)
Diary Archives