Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: MS06-049: W2k Kernel Bug - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-049: W2k Kernel Bug

This is another privilege elevation vulnerability.

By exploiting this vulnerability, on MS own words: "...An attacker could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To attempt to exploit the vulnerability, an attacker must be able to log on locally to the system and run a program."

According to the advisory this occurs due an unchecked buffer bug that affects the Windows 2000 kernel.

Althought this vulnerability can only be exploited locally, we recommend you to test it and apply as soon as possible. As this vulnerability is already known for a while and by reading the advisory it really doenst look so hard to exploit it, so if you have systems running 2k, patch it!

Pedro Bueno ( pbueno //&&// isc. sans. org )

155 Posts
ISC Handler
Aug 8th 2006

Sign Up for Free or Log In to start participating in the conversation!