May Contain Blueberries

the sometimes journal of Jeremy Beker

All of you know my opinions on Microsoft and security. Normally the security problems Microsoft products have are the result of sloppy programming (and are relatively easy to fix), but every once in a while we get a serious design flaw.

This is one of those cases. Read on for details. The link provided below gives intricate details, and I recommend that any technically oriented person (whether you are a programmer or not) read it. If you don’t write Win32 code, you won’t get it all, but the implications are still clear.

The article describes a simple way for any user, no matter how few privileges they have on a Windows desktop, to get LocalSystem (effectively administrator) privileges.

I am just stunned at the simplicity of this hole, and the fact that I agree with the author that it probably can’t be fixed.

Exploiting design flaws in the Win32 API for privilege escalation.