February 16th, 2010

It rather involved being on the other side of this airtight hatchway: Dubious escalation

Consider this type of dubious security vulnerability:

There is a buffer overflow bug in kernel driver X. To exploit it, call this function with these strange parameters. The exploit works only if you are logged on as administrator, because non-administrators will get ERROR_ACCESS_DENIED.

Yes, this is a bug, and yes, it needs to be fixed, but it's not a security bug, because of that "only if you are logged on as an administrator" clause.

It's another variation of the dubious elevation to administrator vulnerability. After all, if you're already an administrator, then why bother attacking kernel mode in this complicated way? Just use your administrator powers to do whatever you want to do directly. You're an administrator; you already pwn the machine. All you're doing now is flexing your muscles, showing how cleverly you can take down a machine that's already yours. The one thing worth confirming before closing such a report is that the access check really does run before the overflow is reachable: the bug needs fixing either way, but it becomes a security bug the moment a non-administrator can reach the vulnerable path.


Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.
