Windows Security Update Targets Elevation of Privilege Attacks

September 3, 2008 by Adrian
Filed under: Microsoft, Security

Microsoft this week is continuing its ongoing investigation into what it calls “new public reports” of a vulnerability that could allow hackers to gain superuser privileges through LocalSystem in Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Redmond late last week issued a Security Advisory adding Windows XP Professional Service Pack 3 to the list of affected software. The advisory provides IT pros with some guidance and workarounds to help avoid a vulnerability that may allow elevation-of-privilege attacks. The software giant said it is considering other actions, including the provision of a “security update” via its monthly Patch Tuesday security rollout.

This latest update involves a highly technical attack vector similar in scope to a patch released in last April’s slate, where a local privilege-escalation vulnerability affected the Windows kernel due to improper validation of user-mode input. In the same manner, with this advisory, an attacker who has gained local access can change user parameters and exploit this issue to execute code with elevated permissions.

Full Story

Tags: Attacks, dralnuX, Updates

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

RSS Feed
Subscribe via Email
Categories
- Apple
- Comics
- Database
- Download
- Email
- Entertainment
- File Sharing
- Gadget
- Games
- General
- Humor
- Internet
- Linux
- Media
- Microsoft
- Mobile
- Money
- Movies
- Networking
- News
- Office
- Open Source
- OS
- PC
- People
- Politics
- Programming
- Religion
- Reviews
- Rumor
- Science
- Security
- Sports
- Technology
- Videos
- Web
- Wireless
- WTF
Recent Posts
Archives

dralnuX.com

Windows Security Update Targets Elevation of Privilege Attacks

Comments

RSS Feed

Subscribe via Email

Categories

Recent Posts

Archives

Advertisement

Partner Sites

MyBlogLog