Windows privilege escalation through LPC & ALPC interfaces presented at REcon 2008

by Thomas Garnier

Summary: This presentation addresses reported security issues in both the LPC (Local Procedure Call) and ALPC (Advanced Local Procedure Call) interfaces of Microsoft Windows. The first vulnerability is MS08-002 (LSASS local privilege escalation) and the second is MS07-066 (ALPC kernel code execution). This talk presents their discovery and exploitation, and discusses how the operating system design could be modified in order to block them.
The LPC interface is an internal communication component of the Windows kernel. This undocumented interface is used behind well-known Windows APIs. Most system components use the LPC interface to communicate with programs running at a lower security level. Windows Vista redesigned this interface as a new component called ALPC. The ALPC interface design will be discussed to show its improvements in local communication security.