Unpatched Windows local privilege escalation vulnerability is being exploited

Discussion in 'other security issues & news' started by MrBrian, Mar 16, 2009.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello MrBrian,

    Have you figured out what danger there is to home users from this?

    A friend called my attention to the ISC diary last Friday where the exploit was analyzed, and she noted that only Servers were mentioned. But the Microsoft Advisory includes WinXP SP2, Windows Vista, etc, so one Suggested Action is Disabling the Distributed Transaction Coordinator:

    DTSservice.gif

    In digging further, we got the Churrasco PoC files and evidently the hacker compiles an executable, then the command listed in the Diary:

    Code:
    /Churrasco/-->Usage: Churrasco2.exe ipaddress port
    
    We concluded that the exploit would fail at this point on a properly protected system. The next stage of downloading another trojan executable and a keylogger would also fail.

    Did you get anything else out of this to suggest that home users have any worries about this exploit?
    There is not a lot of information out there about this.

    ----
    rich
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It would seem the issue is that if a bad guy is able to get code to run on a system (for example, by exploiting the current Adobe Reader issue), then by this local privilege escalation the bad guy would get total control of the machine. If your users are already running Anti-Executable though, then the ability to get code to run in the first place would be denied, so the user would be safe.
     
Loading...
Thread Status:
Not open for further replies.