A default setting in both Windows 7 and 8.1 could allow local users to elevate privileges and in some situations, escape application sandboxes.
The issue, something that leaves all current Windows client installations vulnerable, lies in the way the operating system handles authentication. In some instances it could be possible for a user to use a reflection attack in NT LAN Manager, a collection of security protocols found in Windows systems, to leverage WebDAV (Web Distributed Authoring and Versioning) and carry out an attack.
“It’s possible to abuse cross-protocol NTLM reflection to attack the local SMB server by forcing a local system process to access a WebDAV UNC path,” warned James Forshaw, the Google Project Zero security researcher who found the issue, on Monday.
