(MS11-014) Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
Gravità: : Alto
Identificatori CVE: CVE-2011-0039
Data notifica: 10 febbraio 2011
Descrizione
This security update addresses a vulnerability in the Local Security Authority Subsystem Service (LSASS), which could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. However, an attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability cannot be exploited anonymously nor remotely. More specifically, this update addresses the vulnerability by correcting the manner in which LSASS handles specific values used in the authentication process.
Informazioni esposizione:
For information on patches specific to the affected software, please proceed to the Microsoft Web page.
Software e versione interessati:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems