Windows privilege escalation through LPC & ALPC interfaces

Presented at REcon 2008, June 13, 2008, 3 p.m. (60 minutes)

This presentation addresses reported security issues in both the LPC (Local Procedure Call) and ALPC (Advanced Local Procedure Call) interfaces on Microsoft Windows. The first vulnerability is MS08-002 (LSASS local privilege escalation) and the second is MS07-066 (ALPC kernel code execution). This talk presents their discovery and exploitation, and discusses how the operating system design could be modified in order to block them. The LPC interface is an internal communication component in the Windows kernel. This undocumented interface is used in the background by well-known Windows APIs. Most system components use the LPC interface to communicate with programs running at a lower security level. Windows Vista redesigned this interface as a new component called ALPC. The ALPC interface design will be discussed to see how it improves local communication security.


Presenters:

  • Thomas Garnier
    Thomas Garnier is a research engineer in the SkyRecon systems research and development team. During the past year, he discovered many vulnerabilities, which have resulted in several Microsoft bulletins. He is interested in reverse engineering, vulnerability research and protection design.
