Windows XP Task Scheduler Local Privilege Escalation (Advisory)
- From: zipk0der <zipk0der@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 11 Jun 2006 17:53:43 -0700
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Advisory: Windows XP Task Scheduler Local Privilege Escalation
=
= Author: Daniel Hückmann (zipk0der) zipk0der@xxxxxxxxxxxxxxxxxxxx
=
= Released at: http://www.pandora-security.com
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
1. Overview.
In Windows XP, the task scheduler service runs as "SYSTEM" (local service);
this is akin to running cron as root. Any processes spawned by the task
scheduler inherit "SYSTEM" permissions. Using command line tools, we can kill
the Windows desktop (explorer.exe) and restart it running under "SYSTEM". Once
running under "SYSTEM" we have full control of the machine, and can do things
even Administrators can't. Also included is a recommended fix. Read the full
paper at the link below.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Direct link to the original paper discussing this issue in detail...
http://www.pandora-security.com/forum/viewtopic.php?t=2093
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sincerely,
Daniel Hückmann - R&D Director, Pandora Security
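
An audit for the condition the overview describes, a scheduled task that starts an interactive program under "SYSTEM", added here as an example; it is not part of the advisory or the linked paper. It assumes a verbose CSV task listing (as from `schtasks /query /fo csv /v`) with the columns TaskName, Task To Run and Run As User; the program list, the function names and the sample rows are constructed for illustration.

```python
import csv
import io

# Assumption: account names under which a task runs with SYSTEM rights.
SYSTEM_ACCOUNTS = {"system", "nt authority\\system"}
# Assumption: programs that hand the console user an interactive session.
# explorer.exe is the one named in the advisory; cmd.exe is added here.
INTERACTIVE = {"explorer.exe", "cmd.exe"}

# Constructed sample, reduced to the three columns the check reads.
SAMPLE = r'''"TaskName","Task To Run","Run As User"
"Task1","C:\WINDOWS\explorer.exe","NT AUTHORITY\SYSTEM"
"Defrag","C:\WINDOWS\system32\defrag.exe C:","NT AUTHORITY\SYSTEM"
"Backup","C:\tools\backup.cmd","WORKSTATION\alice"
"Shell","cmd.exe","SYSTEM"
"UserShell","C:\WINDOWS\explorer.exe","WORKSTATION\alice"
'''


def program_name(command):
    """Return the lower-cased executable file name of a task command line.

    Handles a quoted path or an unquoted path without spaces; an unquoted
    path containing spaces is cut at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        exe = command.split(" ", 1)[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def risky_tasks(csv_text):
    """Return (task, command) pairs that run an interactive program as SYSTEM."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["TaskName"] == "TaskName":
            continue  # skip a header row repeated inside the listing
        account = row["Run As User"].strip().lower()
        command = row["Task To Run"]
        if account in SYSTEM_ACCOUNTS and program_name(command) in INTERACTIVE:
            hits.append((row["TaskName"], command))
    return hits


if __name__ == "__main__":
    for task, command in risky_tasks(SAMPLE):
        print(f"REVIEW: task {task!r} runs {command!r} as SYSTEM")
```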