There is a potential vulnerability in the Windows service access control libraries (ACLs) of third-party (non-Microsoft) application services on Windows XP Service Pack 1 and Windows Server 2003.
Affected by the vulnerability:
• Microsoft Windows XP Service Pack 1
• Microsoft Windows Server 2003
Not affected by the vulnerability:
• Microsoft Windows XP Service Pack 2
• Microsoft Windows Server 2003 Service Pack 1
Microsoft is aware of published information and proof-of-concept code that attempts to exploit overly permissive access controls on third-party (i.e., non-Microsoft) application services. This code also attempts to exploit default services of Windows XP Service Pack 1 and Windows Server 2003. If these attempts were successful, a user who has low user privileges could gain privilege escalation.
Microsoft has investigated these reports and the findings are summarized in the chart below. Microsoft has confirmed that customers who run Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues because security-related changes were made to these service packs as part of our ongoing security improvement process. Users who run Windows XP Service Pack 1 and Windows Server 2003 Gold may be at risk, but the risk to Windows Server 2003 users is reduced.
Users are encouraged to contact their third-party software vendors whose products require services installation to determine if any non-default Windows services are affected.
Microsoft is not aware of any attacks attempting to use the reported vulnerabilities or of customer impact at this time. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
Microsoft Security Advisory 914457 (English)
Microsoft Security Advisory 914457 (German / not yet available at the moment)
In the meantime there is also a news item about this on the front page.
This post was edited by swissboy: 08 February 2006 - 12:16
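To check whether a non-default service has the kind of overly permissive access controls the advisory describes, an administrator can inspect the service's security descriptor. The following is an added example, not code from the post or from Microsoft: it assumes the descriptor is available as an SDDL string (such as the output of `sc sdshow <service>`), and the service names and SDDL strings in it are constructed for illustration.

```python
import re

# Rights that let the holder reconfigure a service or rewrite its ACL.
RISKY_RIGHTS = {"DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC",
                "WO": "WRITE_OWNER", "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE"}
RISKY_BITS = {0x0002: "SERVICE_CHANGE_CONFIG", 0x40000: "WRITE_DAC",
              0x80000: "WRITE_OWNER", 0x10000000: "GENERIC_ALL",
              0x40000000: "GENERIC_WRITE"}
# SDDL aliases of broad, low-privilege principals.
LOW_PRIV = {"AU": "Authenticated Users", "WD": "Everyone", "BU": "Users",
            "IU": "Interactive", "BG": "Guests", "AN": "Anonymous"}


def risky_aces(sddl):
    """Return sorted (principal, right) pairs where an allow ACE gives a
    low-privilege principal a risky right on the service."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        return []  # no DACL entries found in the string
    hits = set()
    for ace in re.findall(r"\(([^)]*)\)", m.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;account
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in LOW_PRIV:
            continue
        rights = fields[2]
        if rights.lower().startswith("0x"):  # rights given as a hex access mask
            mask = int(rights, 16)
            names = [n for bit, n in RISKY_BITS.items() if mask & bit]
        else:  # rights given as two-letter SDDL codes
            codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
            names = [RISKY_RIGHTS[c] for c in codes if c in RISKY_RIGHTS]
        hits.update((LOW_PRIV[fields[5]], n) for n in names)
    return sorted(hits)


# Constructed sample descriptors (hypothetical service names).
SAMPLES = {
    "HardenedSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                   "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)",
    "WeakSvc": "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, risky_aces(sddl) or "no risky grants to low-privilege users")
```

Any service that is flagged should be raised with the vendor whose product installed it, as the advisory recommends.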