Posted by James Forshaw on Mar 24

Windows Local WebDAV NTLM Reflection Elevation of Privilege
Platform: Windows 8.1 Update, Windows 7
Class: Elevation of Privilege
Disclosure Date: 18th March 2015
Reference: https://code.google.com/p/google-security-research/issues/detail?id=222

Summary:
A default installation of Windows 7/8 can be made to perform a NTLM
reflection attack through WebDAV which allows a local user to elevate
privileges to local system. It can also be used to…