User Profile Service Elevation of Privilege Vulnerabily

The vulnerability is about the user profile service which has an issue in the way it handles impersonation, the first few resources in the profile get created under the user’s token, but this changes to impersonating Local System part of the way through. Any resources created while impersonating Local System might be exploitable to elevate privilege.

Read Google’s disclosed information related to the vulnerability here – https://code.google.com/p/google-security-research/issues/detail?id=123&can=1

Microsoft made it to January’s Patch Tuesday and released a fix, (the same day the bug was made public). A quick look at Microsoft complementary security bulletin states that the security update addresses the vulnerability by correcting how the Windows User Profile Service validates user privileges to load registry hives.

Furthermore, Microsoft adds that an authenticated attacker who successfully exploits the vulnerability could leverage the Windows User Profile Service (ProfSvc) to load registry hives associated with other user accounts and potentially execute programs with elevated permissions. The security update addresses the vulnerability by correcting how the Windows User Profile Service validates user privileges to load registry hives.

Read Microsoft Security Bulletin here – https://technet.microsoft.com/library/security/MS15-003

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top