Wednesday, November 14, 2018
  • Home
  •             

Microsoft discloses vulnerability affecting multiple Windows Versions

April 22nd, 2008 by Patrick S

After investigating public reports, Microsoft has published Microsoft Security Advisory 951306, which describes a vulnerability that affects multiple versions of Windows (including Windows XP Professional Service Pack 2, all supported versions and editions of Windows Server 2003, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.)

The newly found security flaw could potentially allow a malicious local user (who has authentication) to execute specially crafted code to raise his privilege level to LocalSystem. IIS and SQL Server are the main attack vectors. But other vectors are possible, such as Microsoft Distributed Transaction Coordinator (MSDTC) on Windows Server 2003.

The vulnerability looks like it basically allows for any process that has the SeImpersonatePrivilege to execute some code and be able to impersonate LocalSystem (which has the NT AUTHORITY\SYSTEM SID and a wealth of privileges in its token). For Windows 2003 and beyond the users awarded that privilege are in the Network Services, Local Services, Local System, and Administrators groups. On Vista/Server 2008 you additionally won’t have the privilege unless you’ve elevated. That fortunately reduces the scope of this otherwise highly serious vulnerability, though it still isn’t pretty.

It must be noted however  Microsoft stated in its advisory that- “Hosting providers may be at increased risk from this elevation of privilege vulnerability.” However, no exploitation has been observed at this time.
Microsoft Security Advisory 951306

Posted in MS News, Security, Windows Server System, Windows Vista, Windows XP | 1 Comment »


This entry was posted on Tuesday, April 22nd, 2008 at 3:59 pm and is filed under MS News, Security, Windows Server System, Windows Vista, Windows XP. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


One Response

  1. MSBLOG » Blog Archive » Mass SQL injections Says:

    […] this week I published a post regarding a vulnerability in several versions of Microsoft Windows… …Well the vulnerability is now being executed-there is another round of Mass SQL […]