- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerability in LSASS Allows Local Elevation of Privilege (MS08-002)
------------------------------------------------------------------------
SUMMARY
This important update resolves a privately reported vulnerability in
Microsoft Windows Local Security Authority Subsystem Service (LSASS). The
vulnerability could allow an attacker to run arbitrary code with elevated
privileges. An attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.
DETAILS
Affected Software
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9-4876-8340-84fe3e43e5cc> Microsoft Windows 2000 Service Pack 4 - Local Elevation of privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36-490e-aefe-edb7b3a0df9c> Windows XP Service Pack 2 - Local Elevation of privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?FamilyID=51fc657b-2b4a-4725-a744-d279e027c4a5> Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - Local Elevation of privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f-4d4d-b8d7-adec8ff310d5> Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - Local Elevation of privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?FamilyID=f19fd790-a4e6-4a8a-8077-d1bbfe37ecca> Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2 - Local Elevation of privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?FamilyID=0382a195-aa3d-409b-8a79-9fe61588d8a9> Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems - Local Elevation of privilege - Important - None
Non-Affected Software
* Windows Vista
* Windows Vista x64 Edition
LSASS Bypass Vulnerability - CVE-2007-5352
An elevation of privilege vulnerability exists in the Microsoft Windows
Local Security Authority Subsystem Service (LSASS) due to its improper
handling of local procedure call (LPC) requests. The vulnerability could
allow an attacker to run code with elevated privileges. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5352>
CVE-2007-5352
ADDITIONAL INFORMATION
The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/ms08-002.mspx>
http://www.microsoft.com/technet/security/bulletin/ms08-002.mspx
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment