BeyondTrust can demonstrate how malware can use the temporary privilege elevations that are common in administrative privilege solutions for Windows 7 to gain complete administrator rights. This vulnerability allows malware to install itself silently, without prompts from User Account Control, using the very software intended to prevent this specific action.
“It’s an oxymoron that companies often spend a lot of money on software products to prevent the very thing they’re also enabling. Unless you’re managing administrative privileges at the kernel layer, you’re really just closing one door, but simultaneously opening another. There is no patch, no software, no nothing coming out, ever, that will protect an organization from vulnerabilities like this that are inherent in application-level management of administrative privileges,” said Peter Beauregard, director of program management for BeyondTrust. “It has to be done at the kernel level, yet today most solutions for administrative privileges operate at the application level, opening them up to this vulnerability.”
The tools and processes used to identify vulnerabilities in privilege elevation could be used to cause harm to customers of competing solutions with application-level privilege elevation and will not be released publicly in detail. However, at RSA, BeyondTrust will be conducting private demonstrations of the vulnerability and of how the company is able to detect and leverage it.
For more information on the vulnerability, or how to properly protect administrative privileges, please visit BeyondTrust at booth no. 945.
Founded in 1985, BeyondTrust is the global leader in privilege authorization management, access control and security solutions for virtualization and cloud computing environments. BeyondTrust empowers IT governance to strengthen security, improve productivity, drive compliance and reduce expense. The company’s products eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers in heterogeneous IT systems. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust’s PowerBroker suite of products to secure their enterprises. Five of the top ten commercial banks and two of America’s largest private companies have adopted PowerBroker to secure guest operating systems and ESX hypervisors in a virtualized environment. For more information, visit www.beyondtrust.com.
BeyondTrust, the BeyondTrust logo and PowerBroker are trademarks or registered trademarks of BeyondTrust Software in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.