Schweregrad:: Hoch
  CVE Kennungen:: CVE-2011-0039
  Hinweisdatum: 10 Februar 2011

  Beschreibung

This security update addresses a vulnerability in the Local Security Authority Subsystem Service (LSASS), which could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. However, an attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability cannot be exploited anonymously nor remotely. More specifically, this update addresses the vulnerability by correcting the manner in which LSASS handles specific values used in the authentication process.

  Trend Micro Lösungen

For information on patches specific to the affected software, please proceed to the Microsoft Web page.

  Betroffene Software und Version:

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems