(Sorry if some are these are duplicated. Peter sometimes posts them and I'm back to not receiving his posts again, so I don't know if he's posted them or not. This one he hasn't because it's not in the archives). -Clint
TITLE: Microsoft Windows XP Wireless Zero Configuration Wireless Profile Disclosure SECUNIA ADVISORY ID: SA17064 VERIFY ADVISORY: http://secunia.com/advisories/17064/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ DESCRIPTION: Laszlo Toth has discovered a security issue in Windows XP, which can be exploited by malicious, local users to gain access to certain sensitive information. The security issue is caused due to the Wireless Zero Configuration service allowing a non-privileged user to retrieve the configured wireless profiles using the "WZCQueryInterface()" API. The retrieved profile includes the configured SSIDs and WEP keys, or the PMK (Pairwise Master Key) that is used for pre-shared key authentication in WPA (Wi-Fi Protected Access). The security issue has been confirmed in Windows XP SP2 with KB893357 installed. SOLUTION: The security issue reportedly will be fixed in Longhorn. Grant only trusted users access to affected systems. ORIGINAL ADVISORY: http://www.soonerorlater.hu/index.khtml?article_id=62 OTHER REFERENCES: KB893357: http://support.microsoft.com/kb/893357 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
