Microsoft Corp. issued a security alert to warn users of a bug in most versions of Windows, but didn't promise to fix the flaw or -- if it does patch the problem -- say when a fix would be released.
A little more than three weeks ago, Microsoft had denied that the problem was a vulnerability.
In a security advisory published on Thursday, Microsoft categorized the vulnerability as an "elevation of privilege" that, if exploited, could give attackers significantly greater access to the compromised machine. The bug affects Windows XP Professional SP2, and all versions of Windows Server 2003, Windows Vista and the brand-new Windows Server 2008.
Although the flaw is within Windows, attackers could conceivably exploit it through custom Web applications running in Microsoft's Web server, Internet Information Services. It could also be exploited via SQL Server, added Microsoft.
"Web apps usually run in a lesser-privileged mode," said Andrew Storms, director of security operations at nCircle Network Security Inc. "[Using this vulnerability, attackers] could jump that privilege to a LocalSystem account, which is not a long way from an administrative account.
"You can do quite a bit with a LocalSystem account," Storms said.
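The gap Storms describes is the one between the identity an IIS worker process normally runs under and the LocalSystem account. As an added example that is not part of the article, the following PowerShell snippet lists every IIS application pool with the identity its worker process uses and flags any pool that is already configured to run as LocalSystem, so an administrator can confirm that web applications really are running in "a lesser-privileged mode". It assumes the WebAdministration module (shipped with IIS 7 and later, including Windows Server 2008) is available; the identity names are the standard IIS identityType values.

```powershell
# Added example (not from the article): audit IIS application pool identities.
# Assumes the WebAdministration module is installed; it exposes the IIS: drive
# through which application pool configuration can be read.
Import-Module WebAdministration

Get-ChildItem IIS:\AppPools | ForEach-Object {
    # identityType is one of: ApplicationPoolIdentity, NetworkService,
    # LocalService, LocalSystem, SpecificUser
    $identityType = [string]$_.processModel.identityType
    $userName     = $_.processModel.userName

    [pscustomobject]@{
        AppPool  = $_.name
        State    = $_.state
        # For SpecificUser show the configured account; otherwise the built-in identity
        Identity = if ($identityType -eq 'SpecificUser') { $userName } else { $identityType }
        # A pool that already runs as LocalSystem gives any compromised web app
        # full control of the host without needing an escalation bug at all.
        Finding  = if ($identityType -eq 'LocalSystem') { 'RUNS AS LOCALSYSTEM' } else { 'lesser-privileged identity' }
    }
} | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the web server; pools reported as running under ApplicationPoolIdentity, NetworkService or LocalService are the ones the advisory's scenario applies to, while anything reported as LocalSystem should be moved to a less privileged identity regardless of this particular bug.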
Several weeks ago, Cesar Cerrudo, a researcher and security consultant in Parana, Argentina, said that he would disclose a Windows flaw at an upcoming conference. The vulnerability, Cerrudo said in late March, could let attackers bypass some of the security schemes in the newest versions of the operating system, including Windows Server 2008.