New vulnerabilities for old operating systems may not seem particularly interesting, until you consider the large number of legacy machines running outdated versions of Windows. Windows XP has reached its end of life, meaning that new vulnerabilities will not be patched. In this post we will show that a recent vulnerability can be used as a platform for exploiting Windows XP.
In October, Microsoft released a bulletin for a privilege escalation vulnerability in the FASTFAT driver that was released as:
MS14-063 -- Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579), CVE-2014-4115.
Let me present some of the most interesting parts of the advisory and add some details from my own research.
When the bug kicks in…
In the advisory, Microsoft indicates that the following OS’s are vulnerable:
- Microsoft Windows Server 2003 SP2
- Vista SP2
- Server 2008 SP2
The Microsoft bulletin does not mention Windows XP, since Windows XP is no longer supported. According to my research, however, this vulnerability is also present in the Windows XP FASTFAT driver.
See the following video.
This vulnerability can be exploited on Windows XP SP3 using a malicious usb stick with a malformed FAT32 partition. Let’s examine the reaction when the USB is inserted into the system.