.txt File Can Gain Admin Rights on Windows + Server [Security Fail]
Windows is perfect for enterprise. Such great security!
Microsoft Security Bulletin MS11-071 describes Windows vulnerability, which allows:
Remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affects basically all recent Microsoft Windows:
- Windows 7
- Windows Vista
- XP Service Pack 3
- Windows Server 2008
- Windows Server 2003
Wow, so a text file can gain Admin rights in Windows. So much for the claim that Windows 7 is secure. BSOD now doesn’t seem that bad now?