Thursday, April 24, 2008

Critical vulnerability found in Windows

Microsoft is currently investigating a vulnerability that could allow elevation of privilege from an authenticated user to LocalSystem, affecting major Windows releases from Windows XP Professional SP2 to Windows Server 2008.

This vulnerability was publicly reported, and according to Microsoft's advisory, "Specially crafted code running in the context of the NetworkService or LocalService accounts may gain access to resources in processes that are also running as NetworkService or LocalService". SQL Server and IIS are also affected if they are configured to run code under those accounts.

Successful exploitation allows execution of arbitrary code with LocalSystem privileges, but it requires the ability to run code in an authenticated context (for example, IIS running ASP.NET code, or SQL Server where administrative privileges allow loading and running code).

So far (at the time of this entry) the workaround suggested by Microsoft is to configure the Worker Process Identity (WPI) of each IIS application pool to use a dedicated account created in IIS Manager, and to disable MSDTC. For more detail, please see the Microsoft Advisory.

Just wondering whether we will see the patch ready on the coming "Black Tuesday" (Microsoft's monthly patch day). Please join the poll on "How long should a patch be released after a critical vulnerability was announced?" on the right side of this blog.

Related Reports:
- Microsoft Security Advisory (951306), Vulnerability in Windows Could Allow Elevation of Privilege

- Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability (SecurityFocus)

Sunday, April 6, 2008

What is data sanitization?

I have always wanted to write about secure data deletion (or data sanitization), especially when we read news about sensitive data (e.g. credit card numbers) being recovered from second-hand hard disks and discarded systems.

Many people think that when they empty the "Recycle Bin" on their system, the data is completely gone and cannot be recovered. In fact the data is only no longer accessible through the OS; it can easily be recovered with data recovery software (readily found on the Internet). When you empty the recycle bin, the data is still on the physical hard disk. It is not "erased", only marked as "overwritable" by the OS, and it will only be overwritten when new data needs to be saved to the hard disk.

Methods of Secure Deletion
- Overwriting
This is the most common way of securely deleting data these days, commonly known as data wiping. Basically, this method simply overwrites the data with a pattern of all zeros or all ones.
But as more advanced data recovery and forensic methods came into use, overwriting once with ones or zeros was no longer considered effective, and more overwrite patterns were introduced. Besides alternating patterns of ones and zeros, patterns based on the bitwise complement (the inverse, or NOT) of the existing data are also used. The Gutmann method goes furthest, using 35 patterns to overwrite the data.

The more patterns you use, the more secure the deletion will be. But more time will also be needed to complete the "deletion", since the system has to overwrite the same amount of data once per pattern.

Previously, overwriting was a DoD (US Department of Defense) accepted method of secure deletion for magnetic media, and the DoD 7-pass (7-pattern) method was widely followed as best practice. But because of media degradation and errors, overwriting some areas of the media may not be possible. Since November 2007, overwriting is no longer accepted as a DoD secure deletion method; only degaussing or physical destruction is acceptable.

Note:
If I have to recommend a program to securely wipe a hard disk, I would recommend DBAN (Darik's Boot and Nuke). It is freeware (based on an open source project) that supports the DoD 7-pass and Gutmann methods. It can be booted from a floppy, CD or flash drive, and it works on IDE, SCSI and SATA hard disks.
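To make the multi-pass idea concrete, here is an added example (not the post's code, and not how DBAN or Eraser are implemented) that overwrites a file in place once per pattern: zeros, ones, an alternating bit pattern, the bitwise complement of whatever is currently on the medium, and a final random pass. The pass list is illustrative rather than the exact DoD or Gutmann sequence, the file name and sample contents are constructed, and each pass is flushed to the device and read back to verify it landed.

```python
import os
import secrets
import tempfile

# Illustrative pass list (assumption: not the exact DoD 7-pass or
# Gutmann 35-pass sequence the post mentions).
PATTERNS = ["zeros", "ones", "alt", "complement", "random"]


def pattern_bytes(name, current):
    """Return the bytes to write for one pass, given the current contents."""
    n = len(current)
    if name == "zeros":
        return b"\x00" * n
    if name == "ones":
        return b"\xff" * n
    if name == "alt":
        return b"\x55" * n            # 01010101 alternating bits
    if name == "complement":
        return bytes(b ^ 0xFF for b in current)  # bitwise NOT of existing data
    if name == "random":
        return secrets.token_bytes(n)
    raise ValueError(f"unknown pattern {name}")


def wipe_file(path, patterns=PATTERNS, chunk=1 << 16):
    """Overwrite `path` in place once per pattern, fsync after each pass and
    read back to verify the pass landed. Returns the number of passes done."""
    size = os.path.getsize(path)
    passes = 0
    with open(path, "r+b") as f:
        for name in patterns:
            expected = bytearray()
            for off in range(0, size, chunk):
                f.seek(off)
                current = f.read(min(chunk, size - off))
                data = pattern_bytes(name, current)
                f.seek(off)
                f.write(data)
                expected += data
            f.flush()
            os.fsync(f.fileno())   # push the pass through the OS cache
            f.seek(0)
            if f.read() != bytes(expected):
                raise IOError(f"verification failed on pass '{name}'")
            passes += 1
    return passes


def demo():
    """Write a constructed 'sensitive' file, wipe it, and report whether the
    sample record survives. Returns (passes, found_before, found_after)."""
    record = b"CARD 4111-1111-1111-1111 "      # constructed sample data
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(record * 2000)
        path = tmp.name
    try:
        with open(path, "rb") as f:
            before = f.read()
        passes = wipe_file(path)
        with open(path, "rb") as f:
            after = f.read()
        return passes, record in before, record in after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

Note the limitation this illustrates: a file-level overwrite only reaches the blocks the filesystem currently maps to that file. Copies left in a journal, in remapped bad sectors, or in wear-levelled flash blocks are not touched, which is why whole-disk tools and, per the DoD change above, degaussing or destruction exist for the cases overwriting cannot cover.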
- Degaussing
This uses a strong magnetic field to make the data on magnetic media unreadable. Degaussed hard disks are normally no longer operational, because the magnetic field also erases the low-level formatting (servo control data) written during manufacturing.

- Physical Destruction
Physically breaking the media is the most straightforward way of destroying the data. But to destroy the data securely, grinding or shredding should be carried out properly. Incinerating the media is another way of physically destroying the data, and corrosive chemicals such as acids can also be used.

- Encryption
With FDE (Full Disk Encryption) hard disks becoming popular in the market, encryption has become the fastest and probably the easiest way of securely "deleting" all the data on a hard disk.
Basically, since the whole hard disk is encrypted, simply "overwriting" (securely deleting) the decryption key makes it practically "impossible" to recover any data from the disk. Overwriting the decryption key takes far less time than overwriting the whole hard disk.
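The following added example (not code from the post or from any FDE product) shows why destroying the key is enough and how much less work it is. It models a disk image that is only readable through a key held by the controller; the stream cipher is a toy built from HMAC-SHA256 in counter mode purely to keep the example self-contained (a real FDE product uses a cipher such as AES-XTS), and the sample contents are constructed. The "crypto-erase" overwrites the 32-byte key in place and the image is never touched.

```python
import hashlib
import hmac
import secrets


def keystream(key, nonce, length):
    """Toy counter-mode keystream from HMAC-SHA256 (assumption: illustration
    only, not a substitute for a real disk cipher such as AES-XTS)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(key, nonce, data):
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


class EncryptedDisk:
    """A disk image whose contents are only readable through the key the
    controller holds. Crypto-erase destroys the key, not the image."""

    def __init__(self, plaintext_image):
        self.key = bytearray(secrets.token_bytes(32))   # 256-bit data key
        self.nonce = secrets.token_bytes(16)
        self.image = xor_stream(bytes(self.key), self.nonce, plaintext_image)
        self.bytes_on_disk = len(self.image)

    def read(self):
        """Decrypt the whole image with whatever key is currently held."""
        return xor_stream(bytes(self.key), self.nonce, self.image)

    def crypto_erase(self):
        """Overwrite the key in place; returns the number of bytes overwritten.
        (Python cannot guarantee no copies of the key remain in memory; a real
        controller zeroes the key in a protected store.)"""
        for i in range(len(self.key)):
            self.key[i] = 0
        return len(self.key)


def demo():
    """Returns (readable_before, key_bytes_overwritten, image_bytes,
    readable_after) for a constructed sample disk."""
    secret = b"CARD 4111-1111-1111-1111 " * 2000     # constructed sample data
    disk = EncryptedDisk(secret)
    readable_before = disk.read() == secret
    overwritten = disk.crypto_erase()
    readable_after = disk.read() == secret
    return readable_before, overwritten, disk.bytes_on_disk, readable_after


if __name__ == "__main__":
    print(demo())
```

The point the numbers make: a 50,000-byte image (or, in practice, a terabyte disk) is rendered unreadable by overwriting 32 bytes. The security of the method rests entirely on the key having been generated with enough entropy and never having been written anywhere else, which is what an FDE product's key management has to guarantee.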

Some recommended software (overwriting):
- Eraser is a secure data removal tool for Windows. It supports the DoD 3/7-pass and Gutmann methods, and it can be scheduled to securely delete files and folders.

- Darik's Boot and Nuke is used for secure deletion of an entire hard disk. It is freeware (based on an open source project) that supports the DoD 3/7-pass and Gutmann methods. It can be booted from a floppy, CD or flash drive, and it works on IDE, SCSI and SATA hard disks.