|
Windows Insecure Service Permissions Privilege Escalation
|
|
|
|
|
Secunia Advisory:
|
SA18756
|
|
|
Release Date:
|
2006-02-08
|
|
Last Update:
|
2006-03-14
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
|
| | CVE reference: | CVE-2006-0023 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Sudhakar Govindavajhala and Andrew W. Appel have reported some security issues in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
Insecure SERVICE_CHANGE_CONFIG permissions on the UPNPHost, NetBT, SCardSvr, DHCP, DnsCache, and SSDPSRV services can be exploited to gain escalated privileges by changing the associated program set to run by an identified service.
Successful exploitation allows an arbitrary program to be executed when an affected service is restarted.
The security issues have been reported in Windows XP SP1 (all listed services) and Windows Server 2003 (NetBT service). The vendor reports that Windows XP SP2 and Windows Server 2003 SP1 are unaffected.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Apply patches.
Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/de...=004D4492-08A5-445E-B5CD-BCC9162CC8F9
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/de...=B8D2D18F-8D2A-495B-83FF-1696EC1E5EA1
Microsoft Windows Server 2003 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=B1AB9B42-80CD-4002-88FA-7A83AB15C2EE
Provided and/or discovered by:
Sudhakar Govindavajhala and Andrew W. Appel
The vendor also credits Andres Tarasco of SIA Group.
Changelog:
2006-03-14: Vendor issues patches for Windows XP SP1 and Windows Server 2003.
Original Advisory:
MS06-011 (KB914798):
http://www.microsoft.com/technet/security/bulletin/ms06-011.mspx
Microsoft:
http://www.microsoft.com/technet/security/advisory/914457.mspx
Sudhakar Govindavajhala and Andrew W. Appel:
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
Other References:
US-CERT VU#953860:
http://www.kb.cert.org/vuls/id/953860
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
244 Related Secunia Security Advisories, displaying 10
|
|
|
1. Microsoft Windows Event System Privilege Escalation Vulnerabilities
|
|
2. Microsoft Windows Color Management System Buffer Overflow
|
|
3. Microsoft SQL Server and MSDE Multiple Vulnerabilities
|
|
4. Microsoft Windows DNS Spoofing Vulnerabilities
|
|
5. Microsoft Windows Pragmatic General Multicast Denial of Service
|
|
6. Microsoft Windows Active Directory LDAP Request Processing Denial of Service
|
|
7. Microsoft Windows WINS Privilege Escalation Vulnerability
|
|
8. Microsoft DirectX MJPEG/SAMI File Processing Vulnerabilities
|
|
9. Microsoft Windows Speech Recognition Security Issue
|
|
10. Apple Safari on Windows Code Execution Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
