Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232) - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232)

Yesterday, we reported about a new Windows Kernel vulnerability [1] . The vulnerability affects all versions of Windows (NT 3.51 up to Windows 7) unless 16-bit application support is disabled. If exploited, the vulnerability will lead to privilege escalation.

Today, Microsoft released an official response in the form of a Security Advisory [2]. The advisory (KB Article 979682) states that Microsoft is investigating the report, and is not aware of any use of the vulnerability in current exploits.

According to Microsoft's list of vulnerable and non-vulnerable systems, 64 bit version of the Windows OS are not vulnerable, but 32 bit versions are. In part this is due to the fact that 64 bit versions of Windows do not include the vulnerable feature (16 bit compatibility).

The workaround outlined by Microsoft matches the workaround proposed in the advisory: Disable access to 16 bit applications. This should work well for the vast majority of systems. But be aware that there is a reason for this feature: Some old (very old) applications do require 16 bit support. This may in particular affect old custom software and support for odd hardware configurations. A standard office desktop should not require any 16 bit applications. As always: Test first.

The CVE number CVE-2010-0232 has been assigned to this issue [3].

[1] http://isc.sans.org/diary.html?storyid=8023
[2] http://www.microsoft.com/technet/security/advisory/979682.mspx
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0232 (not live yet as of this writing)

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS Security West 2019

Johannes

3510 Posts
ISC Handler
For the love of god, isn't it time MS stopped supporting this old crap. Yes, they're scared of losing customers but their just as likely to lose them with stuff like this - fixing holes in 20 year old code!
Anonymous
Not everyone has thousands of dollars to replace their software. We still use Autocad R13 (16-bit)for CAD drawings because the company doesn't want to spend $2000 a PC to replace R13 with 2009.
Anonymous
Ditto here. We still use and old version of Ultra Master for control of drive motor servos on one of our printing presses here at work. Cost outweighs the need to stay up to date. Having to support an old Windows 95 machine. It's on a seg'd network with only specific TCP access in/out for exactly what we need.
GuenTech

16 Posts
Correction: Win 3.11 ... what was I thinking.
GuenTech

16 Posts

Sign Up for Free or Log In to start participating in the conversation!