Vulnerability Alert: Be Alert and Take Measures Against Windows Vista Vulnerability
 

The NSFOCUS Security Team has discovered that Windows Vista contains a vulnerability in how it determines the language input status. Successful exploitation of the vulnerability might allow a malicious user who accesses a terminal system, or who accesses a system via Terminal Service, to bypass login authentication and acquire administrative permissions.

The issue is the same as MS00-069, which affects Windows 2000, in that it can be exploited not only locally but also remotely via Terminal Service. The two issues are also very similar in their cause and exploitation.

Exploitation of the vulnerability is related to the design of language input methods, said experts from NSFOCUS. Google Pinyin version 1.0.15.0 and FreeWB have been proven exploitable, and other third-party input methods with improper design might also be exploitable.

The issue has been reported to Microsoft, but at the time of writing no patch has been released. NSFOCUS experts cautioned Vista users to be alert and take measures. They also recommended that users uninstall the affected language input methods named above, along with other third-party input methods, and temporarily use the input methods included with Windows Vista, such as Microsoft Pinyin or Intelligent ABC, until updates from Microsoft or the language input method vendors are available.

Google Pinyin version 1.0.16.0 has also been proven not to be prone to the login authentication bypass vulnerability. Users may want to install the latest version of the Google input method.

 
 
 

About NSFOCUS
NSFOCUS is a leading network security vendor in China that is devoted to network and system security research, as well as R&D, sales and service of high-level network security products. NSFOCUS is capable of providing IDS/IPS, remote assessment, DDoS prevention and other advanced products with internationally competitive advantages, and is the most experienced professional security service vendor in China.