Unpatched Windows local privilege escalation vulnerability is being exploited

Discussion in 'other security issues & news' started by MrBrian, Mar 16, 2009.

Thread Status:
Not open for further replies.
  1. MrBrian

  2. Rmus

    Hello MrBrian,

    Have you figured out what danger there is to home users from this?

    A friend called my attention to the ISC diary last Friday where the exploit was analyzed, and she noted that only servers were mentioned. But the Microsoft Advisory includes WinXP SP2, Windows Vista, etc., so one Suggested Action is disabling the Distributed Transaction Coordinator:

    [Image: DTSservice.gif]

    In digging further, we got the Churrasco PoC files, and evidently the hacker compiles an executable, then runs the command listed in the Diary:

    Code:
    /Churrasco/-->Usage: Churrasco2.exe ipaddress port
    
    We concluded that the exploit would fail at this point on a properly protected system. The next stage of downloading another trojan executable and a keylogger would also fail.

    Did you get anything else out of this to suggest that home users have any worries about this exploit?
    There is not a lot of information out there about this.

    ----
    rich
     
  3. MrBrian

    It would seem the issue is that if a bad guy is able to get code to run on a system (for example, by exploiting the current Adobe Reader issue), then by this local privilege escalation the bad guy would get total control of the machine. If your users are already running Anti-Executable though, then the ability to get code to run in the first place would be denied, so the user would be safe.
     