Welcome

I'm Blake Watts, a systems developer and researcher for Microsoft Windows NT/2K/XP based platforms. This site is a container for all of the research that I have made public.

blake@blakewatts.com

Research

[April 2002] - Discovering and Exploiting Named Pipe Security Flaws for Fun and Profit
This paper addresses a number of named pipe related issues affecting all versions of Windows NT based operating system. The paper was written pre-release of Windows 2000 SP4. Therefore, consider this an advisory up to this point. It is my understanding that Windows NT and Windows XP are still affected by the issues.

Public Advisories

This section contains a misc set of advisories that have already been made public that I was involved with. I will be making public a number of advisories in the weeks to come.

Windows Media Player WMDM Privilege Escalation Vulnerability

Denial of Service Vulnerability in Windows 2000 RunAs Service - RADIX1112200103

Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability - RADIX1112200102

Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability - RADIX1112200101

Event Viewer Buffer Overflow

Telnet Service Privilege Escalation

Service Control Manager Named Pipe Privilege Escalation