CVE-2003-1233

Name of the Vulnerable Software and Affected Versions Pedestal Software Integrity Protection Driver (IPD) versions 1.3 and earlier

Description The issue allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel. This is achieved by using the NtCreateSymbolicLinkObject function to create a symbolic link to either DevicePhysicalMemory or to a drive letter using the subst command.

Recommendations For Pedestal Software Integrity Protection Driver (IPD) versions 1.3 and earlier, consider restricting access to the NtCreateSymbolicLinkObject function to prevent the creation of symbolic links to sensitive areas until a patch is available. Additionally, limit the use of the subst command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.