Information
- Language: English
- Conference: CONFidence
- Location: Kraków, Poland
- Date: May 2010
- Speaker(s): Mateusz ‘j00ru’ Jurczyk, Gynvael Coldwind
Slides
Abstract
During the lecture we will demonstrate and explain recent Microsoft Windows vulnerabilities discovered by ourselves. At the time of the CFP only one of these vulnerabilities is public (MS10-011), and the rest are scheduled to be patched in April (there are 7 in total). A successful exploitation of these vulnerabilities leads to local privilege elevation or DoS conditions, and (mostly) only Windows versions up to XP/2003 are affected. Even though the exploitation of these vulnerabilities is not very practical (they are not of the “click and you’re root” type), the way they work, from a technical point of view, may still be very interesting for other security researchers.
Resources
- Blog post – CONFidence 2010 is over
- Advisory – Windows CSRSS Local Privilege Elevation Vulnerability (CVE-2010-0023)
- Advisory – Windows Kernel Null Pointer Vulnerability (CVE-2010-0234)
- Advisory – Windows Kernel Symbolic Link Value Vulnerability (CVE-2010-0235)
- Advisory – Windows Kernel Memory Allocation Vulnerability (CVE-2010-0236)
- Advisory – Windows Kernel Symbolic link Creation Vulnerability (CVE-2010-0237)
- Advisory – Windows Kernel Symbolic link Information Disclosure (CVE-2010-0237)
- Advisory – Windows Kernel Registry Key Vulnerability (CVE-2010-0238)