An elevation of privilege vulnerability exists in Windows that lets an attacker who can execute a program as a normal user escalate their privileges to kernel rights. This has been exploited in the wild.
Windows Server 2003
Elevation of Privilege
Local Elevation of Privilege
Local attackers exploiting this vulnerability will be able to elevate their privileges to the context of the kernel. Attackers will likely leverage this to hide their presence on the compromised system.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 32492 - Microsoft Windows Kernel Privilege Escalation (2914368)
Apply MS14-002. Otherwise, you may use the mitigation below:
To block attacks seen in the wild, reroute the NDProxy service to Null.sys.
Note that this will break functionality dependent on Windows Telephony Application Programming Interfaces. This includes Remote Access Service, dial-up networking, and virtual private networking.
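
The following PowerShell sketch is an added example, not part of the original advisory or any BeyondTrust or Microsoft tooling. It reports whether a host is patched, rerouted, or still exposed, and can apply the reroute. It assumes that 2914368 in the audit title is the update's KB number and that the driver path lives in the `ImagePath` value of the NDProxy service's registry key; the function names are hypothetical.

```powershell
# Added example: audit and optionally apply the NDProxy-to-Null.sys reroute.
# Assumptions: KB2914368 is the MS14-002 update; the driver path is stored in
# the ImagePath value under the standard service registry key.
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NDProxy'
$NullDriver = 'system32\drivers\null.sys'

function Get-NDProxyState {
    # Patch check: Get-HotFix writes a non-terminating error when the KB is absent.
    $patched = [bool](Get-HotFix -Id 'KB2914368' -ErrorAction SilentlyContinue)

    # Mitigation check: which driver file does the service currently load?
    $present   = Test-Path $ServiceKey
    $imagePath = $null
    if ($present) { $imagePath = (Get-ItemProperty -Path $ServiceKey).ImagePath }
    $rerouted = ($imagePath -ne $null) -and ($imagePath -match '(^|\\)null\.sys$')

    if     ($patched)      { $status = 'Patched' }
    elseif (-not $present) { $status = 'NDProxy service key not found' }
    elseif ($rerouted)     { $status = 'Mitigated (TAPI-dependent features disabled)' }
    else                   { $status = 'Exposed' }

    # New-Object keeps this usable on PowerShell 2.0 (Windows Server 2003).
    New-Object PSObject -Property @{
        Computer  = $env:COMPUTERNAME
        Patched   = $patched
        ImagePath = $imagePath
        Rerouted  = $rerouted
        Status    = $status
    }
}

function Set-NDProxyReroute {
    # Requires an elevated session. The new path is used the next time the
    # driver is loaded, so plan a restart.
    if (-not (Test-Path $ServiceKey)) { throw 'NDProxy service key not found' }
    $previous = (Get-ItemProperty -Path $ServiceKey).ImagePath
    Write-Output "Previous ImagePath (record for rollback): $previous"
    Set-ItemProperty -Path $ServiceKey -Name ImagePath -Value $NullDriver
}

# Report only; call Set-NDProxyReroute explicitly on hosts that cannot be patched.
Get-NDProxyState | Format-List Computer, Status, Patched, Rerouted, ImagePath
```

Record the previous `ImagePath` before rerouting so the original driver can be restored once MS14-002 is installed.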