Flaw in Windows Message Handling through Utility Manager
Results 1 to 3 of 3

Thread: Flaw in Windows Message Handling through Utility Manager

  1. #1

    Flaw in Windows Message Handling through Utility Manager

    Title: Flaw in Windows Message Handling through Utility
    Manager Could Enable Privilege Elevation (822679)
    Date: 09 July 2003
    Software: Microsoft(r) Windows (r) 2000
    Impact: Privilege Elevation
    Max Risk: Important
    Bulletin: MS03-025

    Microsoft encourages customers to review the Security Bulletins
    at:
    http://www.microsoft.com/technet/sec...n/MS03-025.asp
    http://www.microsoft.com/security/se...s/ms03-025.asp
    - - - ---------------------------------------------------------------

    Issue:
    ======

    Microsoft Windows 2000 contains support for Accessibility options
    within the operating system. Accessibility support is a series of
    assistive technologies within Windows that allow users with
    disabilities to still be able to access the functions of the
    operating system. Accessibility support is enabled or disabled
    through shortcuts built into the operating system, or through the
    Accessibility Utility Manager. Utility Manager is an
    accessibility utility that allows users to check the status of
    accessibility programs (Microsoft Magnifier, Narrator, On-Screen
    Keyboard) and to start or stop them.

    There is a flaw in the way that Utility Manager handles Windows
    messages. Windows messages provide a way for interactive
    processes to react to user events (for example, keystrokes or
    mouse movements) and communicate with other interactive
    processes. A security vulnerability results because the control
    that provides the list of accessibility options to the user does
    not properly validate Windows messages sent to it. It's possible
    for one process in the interactive desktop to use a specific
    Windows message to cause the Utility Manager process to execute a
    callback function at the address of its choice. Because the
    Utility Manager process runs at higher privileges than the first
    process, this would provide the first process with a way of
    exercising those higher privileges.

    By default, the Utility Manager contains controls that run in the
    interactive desktop with Local System privileges. As a result, an
    attacker who had the ability to log on to a system interactively
    could potentially run a program that could send a specially
    crafted Windows message upon the Utility Manager process, causing
    it to take any action the attacker specified. This would give the
    attacker complete control over the system.

    The attack cannot be exploited remotely, and the attacker would
    have to have the ability to interactively log on to the system.


    Mitigating factors:
    ====================

    - An attacker would need valid logon credentials to exploit the
    vulnerability. It could not be exploited remotely.

    - Properly secured servers would be at little risk from this
    vulnerability. Standard best practices recommend only allowing
    trusted administrators to log on to such systems interactively;
    without such privileges, an attacker could not exploit the
    vulnerability.

    Risk Rating:
    ============
    Important

    Patch Availability:
    ===================
    - A patch is available to fix this vulnerability. Please read
    the Security Bulletins at

    http://www.microsoft.com/technet/sec...n/ms03-025.asp
    http://www.microsoft.com/security/se...s/ms03-025.asp

    for information on obtaining this patch.
    Insert whitty tagline right here.

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Posts
    109
    This is yet another example of a core design flaw in NT. Messages are the primary way that windows interfaces receive user input. Good security practice suggests that all user input should be authenticated and sanitized before accepting it. Microsoft just doesn't know how to follow the simple things but bundles a bunch of security "tools" and "features" with its operating systems to try to disguise low level problems with high level tools. That just doesn't work out.

    And, since I'm on a soapbox, Microsoft couldn't even do the firewall thing right because it had to give any local program the ability to modify firewall rules. WTF?
    $person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
    SecureVision

  3. #3
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    I don't think this a "core design" flaw as you put it, and the vulnerability is not exploited through user input. The flaw allows a Windows interactive API to send a specially crafted message to the Utility Manager forcing code execution. The problem is a failure to check windows messages(specifically a LVM_SORTITEMS ) sent to the utility control for sanity and authentication. This is not a core flaw, but only a design flaw in the Utiliy Manager itself as well as fairly difficult to discover and exploit. This is no more a core flaw than any buffer overflow exploits available on any OS.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides