Microsoft acknowledges Vista kernel elevation vulnerability
What was not supposed to happen in Windows Vista apparently has: Despite a layer of protection that was supposed to prevent against processes elevating their own privileges, Microsoft now says someone found a way to do it.
A Microsoft security bulletin written earlier this week but publicized this morning cites security software engineers SkyRecon Systems as having discovered a way for processes in both 32- and 64-bit versions of Windows Vista to elevate their own privilege to administrator level.
This discovery would likely be the latest in several months to thwart the designs of PatchGuard, Microsoft's series of measures for innovating the design of the operating system kernel in the interest of thwarting the most common attacks that plagued Windows XP. Last February, PatchGuard was theoretically defeated, using methodology made public by, ironically, Symantec.
Precise details of this latest vulnerability have not been released by either Microsoft or SkyRecon, most likely to protect the system. However, security engineers who have communicated with SkyRecon report the problem involves the Advanced Local Procedure Call (ALPC) system, which was updated for Vista to take advantage of the new kernel setup. Apparently a legacy provision for handling local procedure calls (as opposed to remote procedure calls, or RPCs) made the old-fashioned way, gave improper feedback which could be used in an exploit.
Microsoft has issued a security patch that addresses the ALPC issue.