Gravité: : Élevé
  Identifiant(s) CVE: : CVE-2011-0039
  Date du conseil: 10 février 2011

  Description

This security update addresses a vulnerability in the Local Security Authority Subsystem Service (LSASS), which could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. However, an attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability cannot be exploited anonymously nor remotely. More specifically, this update addresses the vulnerability by correcting the manner in which LSASS handles specific values used in the authentication process.

  Information Exposure Rating:

For information on patches specific to the affected software, please proceed to the Microsoft Web page.

  Affected software and version:

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems