Windows Security Update Targets Elevation of Privilege Attacks

Microsoft is continuing its investigation into a vulnerability that could allow hackers to gain superuser privileges on various flavors of the Windows OS.

Microsoft this week is continuing its ongoing investigation into what it calls "new public reports" of a vulnerability that could allow hackers to gain superuser privileges through LocalSystem in Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Redmond late last week issued a Security Advisory adding Windows XP Professional Service Pack 3 to the list of affected software. The advisory provides IT pros with some guidance and workarounds to help avoid a vulnerability that may allow elevation-of-privilege attacks.

The software giant said it is considering other actions, including the provision of a "security update" via its monthly Patch Tuesday security rollout.

This latest update involves a highly technical attack vector similar in scope to a patch released in last April's slate, where a local privilege-escalation vulnerability affected the Windows kernel due to improper validation of user-mode input. In the same manner, with this advisory, an attacker who has gained local access can change user parameters and exploit this issue to execute code with elevated permissions.

Microsoft said in its advisory that administrators that allow customized code to "run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server," should take a look at the advisory.

Off-site server hosting providers running Windows programs may also face increased risk, Microsoft added.

Potential workarounds include log-in and process monitoring specifically in Internet Information Services. Administrators can do this by creating a Worker Process Identity through the ISS manager function in Windows. The same can be done in SQL Server with the database administrator keeping track of users and changes to fields and access privileges.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Warns SameSite Cookie Changes Could Break Some Apps

    IT pros could face Web application issues as early as next month with the implementation of a coming SameSite Web change, which will affect how cookies are used across sites.

  • Populating a SharePoint Document Library by E-Mail, Part 1

    While Microsoft doesn't allow you to build a SharePoint Online document library using e-mail, there is a roundabout way of getting the job done using the tools that are included with Office 365. Brien shows you how.

  • Microsoft Previews New App Reporting and Consent Tools in Azure AD

    Microsoft last week described a few Azure Active Directory improvements for organizations wanting to connect their applications to Microsoft's identity and access service.

  • Free Software Foundation Asks Microsoft To Release Windows 7 Code

    The Free Software Foundation this week announced that it has established a petition demanding that Microsoft release its proprietary Windows 7 code as free software.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.