BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Microsoft Malware Protection Engine Privilege Escalation

Disclosed February 23, 2011

Fully Patched

Vulnerability Description:

Microsoft Windows Malicious Software Removal Tool contains a vulnerability when handling a specially crafted registry key. Successful exploitation could allow execution of arbitrary code in the context of the LocalSystem account.

Vendors:

Microsoft

Vulnerable Software/Devices:

Malicious Software Removal Tool

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Elevation of Privilege
Local elevation of privileges to Local System rights

Attackers exploiting this vulnerability would be seeking to gain kernel-level access to a machine. Because this privilege escalation vulnerability is only locally exploitable, it would need to be used in combination with some other exploit that first gains access to the system. After exploiting the vulnerability, the attacker would be able to execute code with kernel-level privileges.

BeyondTrust Prevention and Detection:

  • BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
    • Retina Audit 14258 - Microsoft Malicious Software Removal Tool Privilege Escalation (2491888)

Mitigation:

Install the appropriate definition update from Microsoft or through Windows/Microsoft Update.

Links:

CVE(s):

None
