Free Republic

Exploiting design flaws in the Win32 API for privilege escalation. Or... Shatter Attacks - How to break Windows. By Foon - ivegotta@tombom.co.uk Introduction This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. Microsoft has known about these flaws for some time; when I alerted them to this attack, their response was...

<p>A UK WEB SITE has posted what it claims is an analysis of the Windows 32 API and claims that there are inherent flaws which Microsoft knows all about, which are unfixable, but which the software giant is refusing to address.</p> <p>The report follows Jim Allchin's statement under oath that some problems in Windows are so great that if the code were released, national security would be threatened.</p> <p>The web page claims to give details of exactly how to exploit this type of flaw, and the author gives an example of how to elevate privileges.</p>