A serious hole in Windows NT and Windows 2000 allows any user (even
"guest") to gain complete control of the machine. This bug -- called a
"privilege escalation" vulnerability -- is particularly worrisome,
because it does more than open the system to attacks from its own users.
It also amplifies the dangers associated with other security holes that
Microsoft has dismissed as not being serious. Why? Because an intruder
who gains entry to a system as an unprivileged user can obtain
administrator privileges and take over.
The exploit doesnt use esoteric techniques such as buffer overflows; in
fact, it uses only the operating systems standard, documented debugging
interface. This interface allows one program (a debugger) to gain control
of another (a program under test) so that the behavior of the latter can
be observed and/or altered. Alas, NT and Win2K allow any program
to control any other; an unprivileged user can thus gain control of a
privileged program and bend it to his or her will.
Safeguards against such exploits have long been present in UNIX and were
mentioned in Microsofts recent DRM patent. (Ironically, Microsoft did
not implement the commonsense security mechanisms it "rediscovered" and
managed to patent despite long standing prior art.)
The discoverers public announcement of the bug (first link below)
contains not only a complete description of the problem but a sample
exploit. One would think that this would have put Microsoft on "red
alert," but -- amazingly -- the software giant has released neither an
advisory nor a patch. Fortunately, third parties have already created
fixes that administrators can apply to their systems. (See the second
link below for details.)
FOR FURTHER READING:
Note: We are -- as far as we know -- the first media outlet to cover
this bug, but details and exploits have been circulating in hacker
circles for at least two weeks. So, be sure to patch your NT and Win2K
systems ASAP.
Windows & Interoperability News & Reviews 
