The working proof-of-concept source code in C++ was uploaded to the popular programming site CodeProject some days ago. The source code and related web page has been removed since then. But this made the source code public and now it is in easy reach of any malware programmer or hacker.
This exploit can raise the privileges of a process running with standard user permissions to kernel level permissions. The NT kernel has access to everything in Windows. This exploit bypasses the User Account Control (UAC) present in Vista and 7. Thus a malicious program can easily take over the system.
The proof-of-concept code in the following picture raises the privileges of cmd.exe (command prompt) from standard user to the nt authority (kernel level).
A workaround has been proposed by Sophos Security blog. This involves changing permissions of the HKCU\EUDC key.
Edited by Romeo29, 25 November 2010 - 09:56 AM.