[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] EEYE: Windows VDM #UD Local Privilege Escalation
- To: KF_lists <kf_lists@xxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] EEYE: Windows VDM #UD Local Privilege Escalation
- From: David Maynor <dmaynor@xxxxxxxxx>
- Date: Wed, 13 Oct 2004 19:05:04 -0400
Its not that ISS doesn't feel like its a problem, its just when you
let an attacker get to the point where they could run a local attack
its game over. ISS's goal is to stop the attacker from getting close
enogh to execute a local attack.
On Wed, 13 Oct 2004 10:30:27 -0400, KF_lists <kf_lists@xxxxxxxxxxxxx> wrote:
> ISS would like to have you believe otherwise... when I contacted them
> about the Local SYSTEM escalation in BlackICE we went in circles over
> the fact that I feel that taking local SYSTEM on a win32 box IS a
> problem and they don't. They tryed to say some crap like "in all our
> years in the industry we have never had a customer state that local
> windows security was a concern... blah blah (paraphrasing)". And
> something along the lines of "Windows is not a true multi-user system
> (like unix) so local escalation means nothing."
>
> -KF
>
>
>
> > Also, at least in MS Windows, it's my personal feeling that local
> > privilege escalation issues (particularly escalation to kernel or system
> > status) should be critical issues. Whether people can run arbitrary
> > code on MS Windows systems these days isn't an exercise for the mind
> > anymore, it's an exercise of "go look at your neighbors computer and see
> > that it's done regularly".
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html