Monday, March 16, 2009

One-Year-Old (Unpatched) Windows 'Token Kidnapping' Under Attack

Ryan Naraine writes on the ZDNet "Zero Day" Blog:

Exactly one year after a security researcher notified Microsoft of a serious security vulnerability affecting all supported versions of Windows (including Vista and Windows Server 2008), the issue remains unpatched and now comes word that there are in-the-wild exploits circulating.

The vulnerability, called token kidnapping [.pdf], was originally discussed last March by researcher Cesar Cerrudo and led to Microsoft issuing an advisory with workarounds. Five months later (October 2008), Cerrudo released a proof-of-concept in an apparent effort to nudge Microsoft into patching but the company has not yet released a fix.

Now comes word from the SANS ISC (Internet Storm Center) that the flaw is being used in a blended attack against an unknown target. Incident handler Bojan Zdrnja discovered the token kidnapping component of the attack while doing post-infection forensics...

More here.

