Vista Opened to Local Privilege Escalation

Issues related to privilege escalations in Windows Vista are nothing new. In fact, Microsoft is well aware of the limitations of the User Account Control. The fact of the matter is that Microsoft does not implement security boundaries with the UAC, and as such, there is a range of potential attacks that will speculate this issue.

In Windows Vista the two main avenues of attacks for privilege escalation are the lack of security boundaries and the legacy Windows Control Panel plug-ins with full administrative privileges. Microsoft has downplayed the relevance of these issues referring to them as implementation bugs, and dismissing the perspective of security vulnerabilities.

The privilege escalation vulnerability reported by eEye Digital Security to Microsoft on January 19, 2006 falls under this category. "A main security feature added to Vista is that regular users have a lower level of privileges", explained Marc Maiffret, co-founder and chief hacking officer of eEye Digital Security told InformationWeek. "They have fewer privileges in Vista than they did in Windows XP. When regular users are running the operating system, they have regular user-level access, but with this vulnerability, you can elevate yourself to system-level access. Any normal user can do anything they want to the system."

According to eEye Digital Security, the vulnerability does not allow for remote code execution, and therefore the level of customer exposure is low. In this regard, the privilege escalation vulnerability has received only a medium severity rating. "If it was coupled with a virus or a different remote vulnerability, it would be a lot more serious," Maiffret added for InformationWeek. "Viruses are very prevalent and there are plenty of other vulnerabilities you can couple it with. In a real world context, it's high because there are a lot of other things you can couple it with to make it pretty nasty. On its own, though, it's only medium."