There has been found a new vulnerability in Windows operating system. It could be exploited by authenticated attackers to gain elevated privileges. This issue is caused by an error when running applications in the context of the NetworkService or LocalService accounts, which could be exploited to gain access to resources in processes that are also running as NetworkService or LocalService, and that have the ability to elevate their privileges to LocalSystem, allowing any NetworkService or LocalService processes to elevate their privileges to LocalSystem.
Microsoft is investigating the vulnerability and will release a fix if it's seen as necessary. As a workaround Microsoft recommends to configure or specify a Worker Process Identity (WPI) for an application pool.
For More information please see Microsoft Security Advisory of the vulnerability.
Vulnerable operating systems:
* Windows XP
* Windows Server 2003
* Windows Vista
* Windows Server 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment