TITLE:
Windows Insecure Service Permissions Privilege Escalation

SECUNIA ADVISORY ID:
SA18756

VERIFY ADVISORY:
http://secunia.com/advisories/18756/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/

DESCRIPTION:
Some security issues have been reported in Microsoft Windows,
which can be exploited by malicious, local users to gain
escalated privileges.

Insecure SERVICE_CHANGE_CONFIG permissions on the
UPnP, NetBT, SCardSvr, and SSDP services can be
exploited to gain escalated privileges by changing the
program that an affected service is configured to run.

Successful exploitation allows an arbitrary program to
be executed when an affected service is restarted.

The security issues have been reported in Windows XP SP1
(all listed services) and Windows Server 2003 (NetBT service).

SOLUTION:
The vendor reports that Windows XP SP2 and Windows
Server 2003 SP1 are unaffected.

Windows XP Service Pack 2:
http://www.microsoft.com/windowsxp/sp2/default.mspx

Windows Server 2003 Service Pack 1:
http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx

Various workarounds are also available in the Microsoft
security advisory.

ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/914457.mspx

Sudhakar Govindavajhala and Andrew W. Appel:
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

OTHER REFERENCES:
US-CERT VU#953860:
http://www.kb.cert.org/vuls/id/953860
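
ADDED EXAMPLE (not part of the Secunia or Microsoft advisories):
An audit check for the condition in the DESCRIPTION: it parses a service DACL in SDDL form, as printed by "sc sdshow <service>", and reports allow ACEs that give a low-privileged trustee SERVICE_CHANGE_CONFIG. The service names, the SDDL strings and the LOW_PRIV trustee list are constructed assumptions, and deny ACEs are not evaluated.

```python
import re

# On service objects the SDDL right "DC" maps to SERVICE_CHANGE_CONFIG (0x0002).
# GA/GW (generic all/write) include it through the service generic mapping.
CHANGE_CONFIG_CODES = {"DC", "GA", "GW"}
CHANGE_CONFIG_BITS = 0x0002 | 0x10000000 | 0x40000000  # same rights as a hex mask

# Assumption: trustees treated as low-privileged for this audit.
LOW_PRIV = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
            "IU": "Interactive", "NU": "Network", "BG": "Guests"}

# Constructed sample input (hypothetical services, not real default DACLs).
SAMPLE = {
    "svc_weak": "D:(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)",
    "svc_ok": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
              "(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    "svc_hex": "D:(A;;0x2;;;BU)",
}

def risky_aces(sddl):
    """Return [(trustee, rights)] for allow ACEs granting change-config to LOW_PRIV."""
    # Take only the DACL ("D:" part); the SACL ("S:" part) holds audit ACEs.
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not dacl:
        return []
    hits = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue
        rights, trustee = fields[2], fields[5]
        if trustee not in LOW_PRIV:
            continue
        if rights.lower().startswith("0x"):
            granted = bool(int(rights, 16) & CHANGE_CONFIG_BITS)
        else:  # rights are a run of two-letter codes
            granted = bool(CHANGE_CONFIG_CODES & set(re.findall("..", rights)))
        if granted:
            hits.append((LOW_PRIV[trustee], rights))
    return hits

def audit(services):
    """Map each service name to its risky ACEs, omitting clean services."""
    return {name: hits for name, sddl in services.items() if (hits := risky_aces(sddl))}

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(name, hits)
```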