Laszlo Toth has discovered a security issue in Windows XP, which can be exploited by malicious, local users to gain access to certain sensitive information.
The security issue is caused by the Wireless Zero Configuration service allowing a non-privileged user to retrieve the configured wireless profiles using the "WZCQueryInterface()" API. The retrieved profiles include the configured SSIDs and WEP keys, or the PMK (Pairwise Master Key) that is used for pre-shared key authentication in WPA (Wi-Fi Protected Access).
The security issue has been confirmed in Windows XP SP2 with KB893357 installed.
Solution: The security issue will reportedly be fixed in Longhorn.
Subject: Microsoft Windows XP Wireless Zero Configuration Wireless Profile Disclosure