Password privilege exploit on Windows operating systems

CyberArk Software : 15 January, 2008 (Technical Article)

Flaw in Windows local procedure call enabling users to increase privileges has now been patched by Microsoft.

Cyber-Ark has warned companies to be on their guard against a potentially serious password security issue on the Windows 2000, XP and 20003 server operating system platforms.

'The security flaw, discovered by SkyRecon, centres on the Windows Local Procedure Call interface, and is similar to the problems exploited by the Sasser worm back in 2004,' said Calum Macleod, Cyber-Ark's European director.

According to Macleod, elevated password privilege flaws are nothing new and actually date back to the 1980s on networked and distributed computer systems of that era.

'There was a relatively famous security flaw on the DEC 10 computer systems in the mid-1980s that allow users and/or their programs to hop between different IDs and elevate their user privileges on an incremental basis,' said Macleod.

'Fortunately for DEC 10 system managers, most of whom where in the education sector, the flaw was exploited by hackers to allow them to use extra system resources to play multi-user games during office hours, rather than anything malicious,' he added.

Macleod went on to say that this latest security flaw, which Microsoft has patched, exploits a loophole in the Local Security Authority Subsystem Service process, which is normally used to manage user privileges within Windows.

'As such it allows hackers to escalate their levels of system access, just as their counterparts did in the mid-1980s, but hackerdom has changed immensely in the last two decades, with criminals now pulling the strings,' he said.

'As a result, it is imperative that IT managers keep their security software bang up to date, as well as review the degree of protection they afford their databases,' he added

Read More News from CyberArk Software

Read More News for IT Security

Read More News for Anti Fraud software