Data vaulting and security specialist Cyber-Ark is warning manufacturers to be on their guard against a potentially serious password security issue on the Windows 2000, XP and 20003 server operating system platforms.
“The security flaw, discovered by SkyRecon, centres on the Windows Local Procedure Call interface, and is similar to the problems exploited by the Sasser worm back in 2004,” says Calum Macleod, Cyber-Ark’s European director.
Elevated password privilege flaws are nothing new, dating back to the 1980s on networked and distributed computer systems of that era.
As Macleod says: “There was a famous security flaw on the DEC 10 systems in the mid-1980s that allow users and/or their programs to hop between different IDs and elevate their user privileges on an incremental basis. Fortunately for DEC 10 system managers, the flaw was exploited by hackers to allow them to use extra system resources to play multi-user games during office hours, rather than anything malicious.”
This latest security flaw, which Microsoft has patched, exploits a loophole in the Local Security Authority Subsystem Service process, which is normally used to manage user privileges within Windows.
“As such it allows hackers to escalate their levels of system access, just as their counterparts did in the mid-1980s, but hackerdom has changed immensely in the last two decades, with criminals now pulling the strings,” says Macleod. “As a result, it is imperative that IT managers keep their security software bang up to date, as well as review the degree of protection they afford their databases.”