pGet in touch with us:  +44 (0) 1252 757181

Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability

Monday, January 05, 2015
Steve Atkinson

A Google security researcher, 'James Forshaw' has discovered a privilege escalation vulnerability in Windows 8.1 .

The vulnerability resides in the function AhcVerifyAdminContext, an internal function and not a public API, which actually checks whether the user is an administrator.

This function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator and thus allows a triggered application to run with elevated privileges. An attacker can then simply migrate to this process and then has local admin rights, which is then “game on”!

If a hacker cannot elevate privileges from a standard user context on a Windows operating system, then practically all they can do is use the compromised system as a pivot to go elsewhere on your network.

It is therefore essential to implement additional security controls to prevent malicious Privilege escalation and not just rely on inbuilt Windows and anti-virus controls.

Avecto’s DefendPoint is a leading solution in this space, which allows the Enterprise to easily manage and enforce least privilege user accounts at a scale on Windows workstation and server operating systems.

Archive