SkyRecon Identifies Two Kernel-Level Windows Vulnerabilities
October 2008 by SkyRecon
SkyRecon Systems announced that its research team has uncovered two kernel-level vulnerabilities – CVE-2008-2252 and CVE-2008-3464 – both located in multiple versions of the Microsoft® Windows® operating system.
The Microsoft Windows kernel is the virtual interface between the hardware and the operating system, providing administrative control over multiple subsystems, processes, and memory. Some of the subsystems are designed run within the kernel space, providing direct access to the other kernel-level services directly through the operating system layer. Compromise of the kernel via one of the kernel-level subsystems could expose the system to further compromise, such as a root-kit injection that could lead to hi-jacking and remote control of the endpoint.
“These are two important vulnerabilities that our research team has identified and that are being patched this month” said Thomas Garnier, Senior Research Engineer at SkyRecon Systems. “During our ongoing security research of the Windows kernel environment and our passionate desire to protect the Windows business environment, we found these two important vulnerabilities which could be used to increase privileges for the compromised subsystem, effectively granting local access to every component of the system – both hardware and software.”
Both vulnerabilities – CVE-2008-2252 and CVE-2008-3464 – affect the kernel in the following 32-bit, 64-bit, and Itanium versions of the Windows operating systems: Windows XP Professional, Windows 2000 Server, and Windows 2003 Server. Vulnerability CVE-2008-2252 affects Windows Vista as well. CVE-2008-2252 is located in the graphical kernel interface while CVE-2008-3464 is located in the network kernel interface subsystem areas. If exploited, either vulnerability could allow for a local escalation of privilege, and ultimately, system compromise.