.txt File Can Gain Admin Rights on Windows + Server [Security Fail]

Windows is perfect for enterprise. Such great security!

Microsoft Security Bulletin MS11-071 describes Windows vulnerability, which allows:

Remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affects basically all recent Microsoft Windows:

• Windows 7
• Windows Vista
• XP Service Pack 3
• Windows Server 2008
• Windows Server 2003

Wow, so a text file can gain Admin rights in Windows. So much for the claim that Windows 7 is secure. BSOD now doesn’t seem that bad now?

Related Posts

1. iOS 5.1 Safari Addressbar URL Spoofing Security Problem
2. HTC Adds Huge Security Holes to Android Phones
3. Windows XP Security Update Causes BSoD and Reboot Hell
4. PC Trojan Silently Steals Money From Windows Users
5. Microsoft server cloud EPIC FAIL, data-loss for T-Mobile sidekick phones

Tags: Fail, Microsoft, Security, Windows

This entry was posted on Sunday, September 18th, 2011 at 3:12 pm and is filed under Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.