Windows flaw highlights insider threat risk

A serious privilege escalation flaw has been found in all supported versions of Windows. Here’s what it could mean for businesses – and why you need to patch your systems immediately. 

A patch that wasn’t part of Microsoft’s regularly scheduled updates contained a fix for a serious vulnerability, MS14-068, which allows any user to gain extra privileges from Windows. As the security bulletin states:

“An attacker could use this vulnerability to elevate an unprivileged domain user account to a domain administrator account. An attacker that successfully exploited this vulnerability could impersonate any user on the domain, including domain administrators, and join any group. By impersonating the domain administrator, the attacker could install programs; view, change or delete data; or create new accounts on any domain-joined system.”

In short, this could allow any user to have nearly unlimited privileges on the systems. And that could be taken advantage of to infect other users.

Microsoft also has said that limited attacks using this flaw have been detected.

The insider threat

The most obvious exploitation of this threat would be the malicious insider: a tech-savvy user who knows about the vulnerability and can exploit it for their own gain.

IT managers know that these cases are fairly rare, but they do still happen. If a user is sufficiently motivated to wreak havoc on your systems, many are in a prime position to do so. While a recent survey saw external threats take over internal ones as the main security concern, insiders still loom large as a potential vulnerability.

Remote attacks

Another possibility: A user whose account credentials are compromised or whose system is taken over could be granted escalated privileges.

That could essentially mean that the lowest user on the system could become a domain administrator with all the privileges and access that entails. So a data entry clerk could theoretically install malware on other users’ systems or steal or delete proprietary info.

Mitigating the risk

Fortunately, the solution to this vulnerability is fairly straightforward. Update to a fixed version ASAP.

And going forward, be sure to have a solid patch-management system in place. Even if the occasional patch escapes your notice, chances are it won’t elude would-be attackers.