Windows debugger is, er, buggy

Discussion in 'other security issues & news' started by spy1, May 23, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    http://www.theregus.com/content/55/25023.html

    By John Leyden
    Posted: 05/23/2002 at 06:50 EST

    Microsoft has admitted that its Windows debugging facility is itself subject to a security bug.

    In an advisory issued yesterday, Microsoft admitted the authentication mechanism for the debugging facility is flawed in a way that allows unauthorised programs to gain access to the debugger.

    The upshot of this is, providing an attacker can log-in to a target machine - and that's a big if - a cracker can screw your Windows box six ways to Sunday.

    If they obtain access either directly to a console or through a terminal session, crackers might be able to run code of their choice. Microsoft suggests a few possibilities might include "deleting data, adding accounts with administrative access, or reconfiguring the system" (isn't all this built into XP anyway? - Ed).

    No surprise then that Microsoft describes a patch it has issued to fix the flaw as of "critical" importance for client systems. You can find more information on the problem, and links to the patch here : http://www.microsoft.com/technet/security/bulletin/MS02-024.asp .

    TechNote
    The Windows debugging facility "provides a means for programs to perform diagnostic and analytic functions on applications as they are running on the operating system," Microsoft explains.

    "One of these capabilities allows for a program, usually a debugger, to connect to any running program, and to take control of it. The program can then issue commands to the controlled program, including the ability to start other programs."
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Weird! - why on Earth would Microsoft need a debugger?   :D :D :D :D :D :D :D :D
     
Loading...
Thread Status:
Not open for further replies.