
Wednesday, June 13, 2007

[NT] Vulnerability in Windows Vista Allows Information Disclosure (MS07-032)

The following security advisory was sent to the SecuriTeam mailing list and can be found at the SecuriTeam web site: http://www.securiteam.com

Vulnerability in Windows Vista Allows Information Disclosure (MS07-032)
------------------------------------------------------------------------


SUMMARY

This moderate security update resolves a privately reported vulnerability.
This vulnerability could allow non-privileged users to access local user
information data stores including administrative passwords contained
within the registry and local file system.

DETAILS

Vulnerable Systems:
* Windows Vista - Information Disclosure - Moderate
* Windows Vista x64 Edition - Information Disclosure - Moderate

Immune Systems:
* Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems

Permissive User Information Store ACLs Information Disclosure
Vulnerability - CVE-2007-2229
There is an information disclosure vulnerability in Windows Vista that
could allow non-privileged users to access local user information data
stores including administrative passwords contained within the registry
and local file system. The vulnerability could allow a local attacker to
have access to user account data that could then be used in an attempt to
gain full access to the affected system.
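
One way to screen for the class of problem described above, as an added example that is not part of the Microsoft bulletin or this advisory: a Python check that takes a security descriptor in SDDL form (for instance the Sddl property returned by PowerShell's Get-Acl) and lists the allow ACEs that give broad, non-privileged groups read access. The function names and sample descriptors are constructed for illustration; the advisory does not name the affected stores or their ACLs.

```python
import re

# Broad, non-privileged principals: SDDL alias or SID string -> display name.
BROAD = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "IU": "Interactive", "S-1-5-4": "Interactive",
    "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
}
# Rights codes that include reading content: generic, file, registry key.
READ_CODES = {"GA", "GR", "FA", "FR", "KA", "KR"}
# Mask bits: FILE_READ_DATA / KEY_QUERY_VALUE, GENERIC_ALL, GENERIC_READ.
READ_BITS = 0x1 | 0x10000000 | 0x80000000

def codes(field):
    """Split an SDDL field made of concatenated two-letter codes."""
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def grants_read(rights):
    """True if a rights field (hex mask or letter codes) allows reading."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & READ_BITS)
    return bool(codes(rights) & READ_CODES)

def permissive_read_aces(sddl):
    """List (principal, rights) for allow ACEs that let broad groups read."""
    # Screening only: deny ACEs and group nesting are not evaluated.
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue  # malformed, or not a plain access-allowed ACE
        flags, rights, sid = fields[1], fields[2], fields[5]
        if "IO" in codes(flags):
            continue  # inherit-only: applies to children, not this object
        if sid in BROAD and grants_read(rights):
            findings.append((BROAD[sid], rights))
    return findings

# Constructed sample descriptors (not taken from the advisory).
SAMPLES = {
    "permissive file": "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;BU)",
    "permissive key": "O:BAG:SYD:(A;CI;KA;;;SY)(A;CI;0x20019;;;AU)",
    "restricted": "O:BAG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;CIIO;GR;;;WD)",
}
if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, permissive_read_aces(sddl))
```

An empty result means no broad group is granted read by an allow ACE on the object itself; it does not account for access gained through other group memberships.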

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2007-2229:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2229>

Mitigating Factors for Permissive User Information Store ACLs Information
Disclosure Vulnerability - CVE-2007-2229
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state, that could reduce the severity
of exploitation of a vulnerability. The following mitigating factor may be
helpful in your situation:

An attacker must have valid logon credentials.


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/Bulletin/MS07-032.mspx>

