BugTraq
Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Dec 10 2010 01:06AM
StenoPlasma @ www.ExploitDevelopment.com (exploitdevelopmentdotcom gmail com) (1 replies)
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Dec 10 2010 04:29PM
Stefan Kanthak (stefan kanthak nexgo de) (2 replies)
RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Dec 10 2010 06:12PM
George Carlson (gcarlson vccs edu) (2 replies)
RE: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Dec 11 2010 12:15AM
Thor (Hammer of God) (thor hammerofgod com) (2 replies)
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Dec 13 2010 05:12PM
Andrea Lee (andrea kattrap net) (4 replies)
Re: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privilegesand Login as Cached Domain Admin Accounts (2010-M$-002) Dec 13 2010 07:16PM
Ansgar Wiechers (bugtraq planetcobalt net)
On 2010-12-13 Andrea Lee wrote:
> A local admin is an admin on one system. The domain admin is an admin
> on all systems in the domain, including mission critical Windows
> servers. With temporary domain admin privs, the local admin could log
> into the AD and change permissions / passwords for another user or
> another user, thus getting full admin rights on all systems for a long
> period of time.

Can he? The OP isn't too clear about this, but it was my understanding,
that the local admin can impersonate the cached domain account on the
local machine, but not on the network. In which case your point about
the domain admin being "bigger" from the domain perspective is true, but
is also completely moot, as a local admin could only impersonate another
account with local admin privileges. Which he can do anyway.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus