Case study of recent Windows vulnerabilities (CONFidence 2010)


  • Language: English
  • Conference: CONFidence
  • Location: Kraków, Poland
  • Date: May 2010
  • Speaker(s): Mateusz ‘j00ru’ Jurczyk, Gynvael Coldwind



During the lecture we will demonstrate and explain recent Microsoft Windows vulnerabilities discovered by ourselves. At the time of CFP only one of these vulnerabilities is public (MS10-011), and the rest is scheduled to be patched in April (there are 7 total). A successful exploitation of these vulnerabilities leads to local privilege elevation or DoS conditions, and (mostly) only Windows up to XP/2003 are affected. Even though the exploitation of these vulnerabilities is not very practical (they are not of “click and you’re root” type), the way they work, from a technical point of view, may still be very interesting for other security researchers.