Microsoft Windows Trusted Domain Privilege Escalation Vulnerability

Trust relationships can be configured between domains controlled by Microsoft Windows 2000 and NT Server. These trust relationships allow for 'trusted domains' to access resources on 'trusting domains'.

Windows 2000 and NT contain a vulnerability in this feature that may allow for an attacker with administrative privileges on a trusted domain to elevate privileges on any trusting domain.

It is possible for a trusted domain to associate any SID (security identifier) with any security group in the trusting domain. A malicious administrator or an attacker who has obtained administrative privileges on a trusted domain may exploit this vulnerability to obtain control of the trusting domain. For example, a trusted domain may associate a local (within the trusted domain) user SID with the administrative security group on the trusting domain. The SID would then have the privileges of the administrative group within the trusting domain.

It should be noted that it is difficult to exploit this vulnerability.

Microsoft Windows 2000 and NT provide no facility or API allowing for modification of the authorization data required to exploit this vulnerability.


Privacy Statement
Copyright 2010, SecurityFocus