Microsoft acknowledges Vista kernel elevation vulnerability

http://www.neowin.net/news/main/07/1...-vulnerability

---

What was not supposed to happen in Windows Vista apparently has: Despite
a layer of protection that was supposed to prevent against processes
elevating their own privileges, Microsoft now says someone found a way
to do it.

A Microsoft security bulletin written earlier this week but publicized
this morning cites security software engineers SkyRecon Systems as
having discovered a way for processes in both 32- and 64-bit versions of
Windows Vista to elevate their own privilege to administrator level.
This discovery would likely be the latest in several months to thwart
the designs of PatchGuard, Microsoft's series of measures for innovating
the design of the operating system kernel in the interest of thwarting
the most common attacks that

Its sad that there are some people who work 24/7 specifically to make life
difficult for computer users. No matter what is created to protect us, some
jackass is going to try to break it.

--
Mike Hall - MVP
http://msmvps.com/blogs/mikehall/default.aspx




"occam" <> wrote in message
news:...
> http://www.neowin.net/news/main/07/1...-vulnerability
>
> ---
>
> What was not supposed to happen in Windows Vista apparently has: Despite a
> layer of protection that was supposed to prevent against processes
> elevating their own privileges, Microsoft now says someone found a way to
> do it.
>
> A Microsoft security bulletin written earlier this week but publicized
> this morning cites security software engineers SkyRecon Systems as having
> discovered a way for processes in both 32- and 64-bit versions of Windows
> Vista to elevate their own privilege to administrator level. This
> discovery would likely be the latest in several months to thwart the
> designs of PatchGuard, Microsoft's series of measures for innovating the
> design of the operating system kernel in the interest of thwarting the
> most common attacks that

Mike Hall - MVP wrote:
> Its sad that there are some people who work 24/7 specifically to make
> life difficult for computer users. No matter what is created to protect
> us, some jackass is going to try to break it.
>

Ironically, Symantec made it public. A patch was released on Dec 11th so
calm down, Mike.

Alias

"Mike Hall - MVP" <> wrote in message
news:...
> Its sad that there are some people who work 24/7 specifically to make life
> difficult for computer users. No matter what is created to protect us,
> some jackass is going to try to break it.


So you think the security software engineers at SkyRecon Systems are
jackasses?

ss.

"Mike Hall - MVP" <> wrote in message
news:...
> Its sad that there are some people who work 24/7 specifically to make life
> difficult for computer users. No matter what is created to protect us,
> some jackass is going to try to break it.

Not everyone that does that wear black hats Mike. IIRC, some companies are
hired to do exactly what these people did. Identify the processes that are
broken. I know from personal experience that sometimes a set fresh eyes is
what you need to find and fix potential problems. If the white hat guys
don't...the black hats certainly WILL.

--
Ok, I admit it, I killed Barney!!
http://www.lockergnome.com/darksentinel
You know what to do with the munge

I think his point is not that this group necessarily was doing
anything bad.
More so that resources need to be invested doing this sort of thing
because of those so intent on making computer use difficult.

If those with malicious intent stopped, computer use could be far
cheaper and easier since malware and prevention of would not be an
issue.
Resources could then be spent at nearly 100% to improving the computer
experience rather than so much just to protect from those whose
purpose is disruption.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar



"DarkSentinel" <> wrote in
message news:8FFF087C-BB80-4A6C-9D7B-...
> "Mike Hall - MVP" <> wrote in message
> news:...
>> Its sad that there are some people who work 24/7 specifically to
>> make life difficult for computer users. No matter what is created
>> to protect us, some jackass is going to try to break it.
>
> Not everyone that does that wear black hats Mike. IIRC, some
> companies are hired to do exactly what these people did. Identify
> the processes that are broken. I know from personal experience that
> sometimes a set fresh eyes is what you need to find and fix
> potential problems. If the white hat guys don't...the black hats
> certainly WILL.
>
> --
> Ok, I admit it, I killed Barney!!
> http://www.lockergnome.com/darksentinel
> You know what to do with the munge
>
>

"Jupiter Jones [MVP]" <> wrote in message
news:...
> I think his point is not that this group necessarily was doing anything
> bad.
> More so that resources need to be invested doing this sort of thing
> because of those so intent on making computer use difficult.
>
> If those with malicious intent stopped, computer use could be far cheaper
> and easier since malware and prevention of would not be an issue.
> Resources could then be spent at nearly 100% to improving the computer
> experience rather than so much just to protect from those whose purpose is
> disruption.

Oh I agree 100%. I always wonder what these people could do if they put
their minds to it. As good as I am on the hardware and network side, I'd
like to be that good on the programming side.

--
Ok, I admit it, I killed Barney!!
http://www.lockergnome.com/darksentinel
You know what to do with the munge