Vulnerability in Windows Could Allow Elevation of Privilege
Published: April 17, 2008
Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability.
Currently, Microsoft is not aware of any attacks attempting to exploit the potential vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Do you know if it is related to
ReplyDeleteCesar's talk at HITB?
http://conference.hitb.org/hitbsecconf2008dubai/?page_id=182
or is it something else?
Well, after reading the description...how can it not be related?
ReplyDeleteSeveral people in the security mailing list were looking around trying to find the release, I guess you had to in Dubai. =)