(MS11-014) Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
Publish Date: 10 de февраля de 2011
Severity: : High
CVE Kennungen: : CVE-2011-0039
Advisory Date: 10 de февраля de 2011
DESCRIPTION
This security update addresses a vulnerability in the Local Security Authority Subsystem Service (LSASS), which could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. However, an attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability cannot be exploited anonymously nor remotely. More specifically, this update addresses the vulnerability by correcting the manner in which LSASS handles specific values used in the authentication process.
INFORMATION EXPOSURE
For information on patches specific to the affected software, please proceed to the Microsoft Web page.
AFFECTED SOFTWARE AND VERSION:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems