One-Year-Old (Unpatched) Windows 'Token Kidnapping' Under Attack
Ryan Naraine writes on the ZDNet "Zero Day" Blog:
Exactly one year after a security researcher notified Microsoft of a serious security vulnerability affecting all supported versions of Windows (including Vista and Windows Server 2008), the issue remains unpatched and now comes word that there are in-the-wild exploits circulating.
The vulnerability, called token kidnapping [.pdf], was originally discussed last March by researcher Cesar Cerrudo and led to Microsoft issuing an advisory with workarounds. Five months later (October 2008), Cerrudo released a proof-of-concept in an apparent effort to nudge Microsoft into patching but the company has not yet released a fix.
Now comes word from the SANS ISC (Internet Storm Center) that the flaw is being used in a blended attack against an unknown target. Incident handler Bojan Zdrnja discovered the token kidnapping component of the attack while doing post-infection forensics...