Google researcher discloses zero-day exploit for Windows

June 4, 2013 – 1:32 PM

Google security expert Tavis Ormandy has discovered a security vulnerability in Windows which can be exploited by any user on the system to obtain administrator privileges. Rather than reporting the vulnerability to Microsoft, he posted details to the Full Disclosure security mailing list in mid-May and has now published an exploit to the same mailing list.

Ormandy is a familiar figure in the security world. In recent years, the security expert has discovered many different vulnerabilities. He has also been known to take the shortest route when it comes to sharing information on vulnerabilities he has discovered: full disclosure, meaning rapid publication without informing the organisation behind the vulnerable software beforehand.

With this latest vulnerability, Ormandy once more opted for full disclosure on the mailing list of the same name. After discovering a bug in the Windows kernel’s EPATHOBJ::pprFlattenRec function, he wrote to the list: “I don’t have much free time to work on silly Microsoft code” and solicited ideas on how to successfully exploit the bug. With the help of user progmboy, Ormandy then developed a privilege escalation exploit which he shared with the mailing list, noting that another exploit was already in circulation.

The H’s associates at heise Security were able to use the exploit to reproduce the problem. If the file is opened, it launches a command line which can be used to run arbitrary commands with system privileges, irrespective of the user’s own privileges – even a guest account can be used.

