BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Microsoft Windows Kernel Privilege Escalation

Disclosed November 27, 2013    No Patch Available

Vulnerability Description:

An elevation of privilege vulnerability exists in Windows that allows an attacker who can run a program as a normal user to escalate their privileges to kernel rights. This has been exploited in the wild.

Vendors:

Microsoft

Vulnerable Software/Devices:

Windows XP
Windows Server 2003

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Elevation of Privilege

Local Elevation of Privilege: Local attackers exploiting this vulnerability will be able to elevate their privileges to the context of the kernel. Attackers will likely leverage this to hide their presence on the compromised system.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 32492 - Microsoft Windows Kernel Privilege Escalation (2914368)

Mitigation:

Apply MS14-002. Otherwise, you may use the mitigation below:

To block attacks seen in the wild, reroute the NDProxy service to Null.sys.

Note that this will break functionality dependent on Windows Telephony Application Programming Interfaces. This includes Remote Access Service, dial-up networking, and virtual private networking.

CVE(s):

None