Vigil@nce: Windows, privilege elevation via Windows Partition Manager
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can access to the Windows Partition Manager, in
order to execute code with system privileges.
– Severity: 2/4
– Creation date: 09/05/2012
IMPACTED PRODUCTS
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
DESCRIPTION OF THE VULNERABILITY
The Windows Partition Manager (partmgr.sys) processes partitions,
and associates them with an identifier. It can be called
automatically (Plug and Play).
When a local attacker creates two processes calling simultaneously
the Partition Manager, a synchronization error occurs.
A local attacker can therefore access to the Windows Partition
Manager, in order to execute code with system privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-Windows-Partition-Manager-11598