Microsoft Security Advisory (914457)

Discussion in 'news, general information and FAQs' started by NICK ADSL UK, Feb 8, 2006.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (914457)
    Possible Vulnerability in Windows Service ACLs
    Published: February 7, 2006


    Microsoft is aware of published information and proof-of-concept code that attempts to exploit overly permissive access controls on third-party (i.e., non-Microsoft) application services. This code also attempts to exploit default services of Windows XP Service Pack 1 and Windows Server 2003. If these attempts were successful, a user who has low user privileges could gain privilege escalation.

    Microsoft has investigated these reports and the findings are summarized in the chart below. Microsoft has confirmed that customers who run Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues because security-related changes were made to these service packs as part of our ongoing security improvement process. Users who run Windows XP Service Pack 1 and Windows Server 2003 Gold may be at risk, but the risk to Windows Server 2003 users is reduced.

    Users are encouraged to contact their third-party software vendors whose products require services installation to determine if any non-default Windows services are affected.

    Microsoft is not aware of any attacks attempting to use the reported vulnerabilities or of customer impact at this time. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.

    Mitigating Factors:


    The latest Microsoft operating systems, including Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, are not vulnerable to these issues.


    A malicious user who launches an attack based on the finder’s report would require at least authenticated user access to the affected operating systems.


    Two of the four services identified in the paper (NetBT and SCardSvr) require an attacker to already be running in a privileged security context. Additionally, the two services that do allow an authenticated user to attack are vulnerable only on Windows XP Service Pack 1.


    Firewall best practices and standard default firewall configurations can help protect from attacks that originate outside the enterprise perimeter. Best practices also recommend that personal firewalls be used within a network and that systems connected to the Internet have a minimal number of ports exposed.

    http://www.microsoft.com/technet/security/advisory/914457.mspx
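
Added example, not part of the original post or of Microsoft's advisory: a Python audit of service security descriptors for the kind of overly permissive access control the advisory describes, flagging allow ACEs that give broad low-privilege groups rights to reconfigure or take over a service. It assumes the descriptors are SDDL strings as printed by `sc sdshow <service>`; the service names and descriptors below are constructed sample data.

```python
import re

# SDDL right codes that let a trustee reconfigure or take over a service.
RISKY_RIGHTS = {"DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC",
                "WO": "WRITE_OWNER", "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE"}
# The same rights as access-mask bits, for ACEs whose rights are written in hex.
RISKY_BITS = {0x2: "DC", 0x40000: "WD", 0x80000: "WO",
              0x10000000: "GA", 0x40000000: "GW"}
# SDDL SID aliases for broad, low-privilege groups. "WD" here means Everyone;
# the same two letters in the rights field mean WRITE_DAC.
BROAD_TRUSTEES = {"AU": "Authenticated Users", "WD": "Everyone",
                  "BU": "Builtin Users", "IU": "Interactive",
                  "AN": "Anonymous", "BG": "Builtin Guests"}


def risky_aces(sddl):
    """Return sorted (trustee, right) pairs for DACL allow-ACEs that give a
    broad group a right from RISKY_RIGHTS."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return []  # no DACL ACEs present; a missing DACL needs separate review
    findings = set()
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue  # only access-allowed ACEs grant rights
        rights, trustee = fields[2], fields[5]
        if trustee not in BROAD_TRUSTEES:
            continue
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
            codes = {code for bit, code in RISKY_BITS.items() if mask & bit}
        else:
            codes = set(re.findall("..", rights)) & RISKY_RIGHTS.keys()
        findings |= {(BROAD_TRUSTEES[trustee], RISKY_RIGHTS[c]) for c in codes}
    return sorted(findings)


# Constructed sample descriptors; the service names are hypothetical.
SAMPLES = {
    "HardenedSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                   "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    "VendorSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)",
    "LegacySvc": "D:(A;;0xf01ff;;;WD)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, risky_aces(sddl) or "no broad write access")
```

The SACL audit entry in the first sample names Everyone and lists every right, but it is ignored because only DACL allow ACEs grant access.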
     
  2. NICK ADSL UK

    The above advisory has been revised.

    Revision:
    February 8, 2006: Added additional FAQ information for affected platforms and service start-up type properties.
     